Incorrect "virus" detection?

Steve Evans sevans at FOUNDATION.SDSU.EDU
Wed Jul 10 15:53:34 IST 2002


http://www.swinc.com/resource/e2kfaq_appxj.htm

 
Steve Evans
Computing Services
(619) 594-0653
 


-----Original Message-----
From: Anders Andersson, IT [mailto:andersan at LTKALMAR.SE] 
Sent: Wednesday, July 10, 2002 4:11 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: SV: Incorrect "virus" detection?


> -----Ursprungligt meddelande-----
> Från: Martin Sapsed [mailto:m.sapsed at BANGOR.AC.UK]
> Skickat: den 10 juli 2002 11:24
> Till: MAILSCANNER at JISCMAIL.AC.UK
> Ämne: Re: Incorrect "virus" detection?
> 
> 
> nwp at lemon-computing.com wrote:
> >
> > On Tue, Jul 09, 2002 at 09:45:09AM +0100, Martin Sapsed wrote:
> >
> > > random file ending in .this.that because no matter what's
> in the file,
> > > windows doesn't (does it?) stupidly execute a file ending
> in .that?
> >
> > Windows recognises certain file types no matter what the
> extension; Office
> > documents, for example (IIRC).
> 
> Blimey! Scary! Apologies folks - didn't realise that.
> However, it still
> won't blindly execute files with random extensions (yet, at 
> least on W98 -
> does XP?) Please tell me it doesn't!
Outlook/win is really stupid ehn it vcomes to autorun files... get a safe script and turn on preview in explorer and it will execute it... anything that can be executed will eb executed in the priview window... belive me, a co-worker just marked a nimda file and started an outbreak on that mashine. We had protection on the rest of the servers but it could have been bad =(

>From outlook update: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q235309&id=KB;EN-US;
Q235309

After you install this version of the security update, when you open attachments with file name extensions of .ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz, .msc, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shs, .url, .vb, .vbe, .vbs, .wsc, .wsf or .wsh, you receive the following warning message: 
Attachment Security Warning 

> 
> Are we sure that we've got all the extensions that windows
> will blindly
> execute though? I guess it's anything which has (or can get 
> to) a registry
> key HKEY_CLASSES_ROOT\<whatever>\shell\open\command where the 
> value begins
> with %1?
> 
> Cheers,
> 
> Martin
> 
> --
> Martin Sapsed                           To have no errors
> Information Services                    Would be life without meaning
> University of Wales, Bangor, LL57 2UX   No struggle, no joy.
> 




More information about the MailScanner mailing list