Jonathan Vanasco wrote:
> deny message = contains $found_extension file (This file extention
> is blacklisted, as it is likely to be a virus ).
> demime =
> ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:
> mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:
> wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL:CRT:EXE:HLP:HTA:INF:INS:ISP:JS:
> JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:REG:SCR:SCT:SHS:SHB:URL:VB:VBE:
> VBS:WSC:WSF:WSH
Is it necessary to list both upper and lower case for the extensions? I
would hope not. If so, it won't take long for some virus writer to
start randomizing the case of each letter, e.g. eXE, Exe, EXe, etc.
--
Rossz
