New dangerous attachment filenames

[Brent Strignano]

In light of the new windows GDI vulnerability should we add 'jpg' and
'jpeg' to the list?

I am until I can get all of our machines patched.

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Brent Strignano
System Administrator
Granite Capital Holdings
Sidney, NY
 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Thursday, September 09, 2004 11:43 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: New dangerous attachment filenames


Microsoft have apparently expanded their list of "High-risk file types"
with the release of Windows XP SP2. The new list of high-risk dangerous
attachments they have added are: .ade .adp .app .asp .bas .bat .cer .chm
.cmd .com .cpl .crt .csh .exe .fxp .hlp .hta .inf .ins .isp .its .js
.jse .ksh .lnk .mad .maf .mag .mam .maq .mar .mas .mat .mau .mav .maw
.mda .mdb .mde .mdt .mdw .mdz .msc .msi .msp .mst .ops .pcd .pif .prf
.prg .pst .reg .scf .scr .sct .shb .shs .tmp .url .vb .vbe .vbs
.vsmacros .vss .vst .vsw .ws .wsc .wsf .wsh

I have added what are apparently the worst of these to the default
filename.rules.conf file. The new file is attached.

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the words: 'leave
mailscanner' in the body of the email. Before posting, read the MAQ
(http://www.mailscanner.biz/maq/) and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).