More troubles with zipped files (newest MyDoom)
Mikael Olofsson
Mikael.Olofsson at OSS.TELECA.SE
Tue Jul 27 08:53:02 IST 2004
Hi,
some MyDoom viruses got thru our MailScanner and it seems the files had the
extention .pif. (notice the extra dot) but windows saves the files as .pif
and executes them if you dbl-click. I tried both zipped and just the plain
file.
I solved this by adding this to filename.rules.conf:
# Don't allow . after extention
deny \.[a-z0-9]{3}\.$ Found possible filname hiding
Attempt to hide extention with . at the end
Cheers
Mikael
---
"Any sufficiently advanced technology is indistinguishable from magic."
- Arthur C. Clark
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list