[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-virus
Subject: trapping HTA files
From: "lsi" <stuart () cyberdelix ! net>
Date: 2004-04-04 11:56:12
Message-ID: 407005EC.20358.3FB3349 () localhost
[Download RAW message or body]
Comments are requested on techniques to filter at the email gateway
messsges with files attached in HTA and other "executable HTML Help"
formats such as HTC, HTZ etc.
These files although "executable" are apparently just text files with
proprietary Microsoft extensions. Consequently they are not trapped
by a filter which traps most other Windows executables.
HTA files can be trapped using the following regular expression,
testing for it in the body of the message:
<HTA:APPLICATION*
What I'm wondering is if someone has a magic recipe that will catch
"all" executable help formats, or a list of regexps for each format.
To uninstall HTML Help:
http://support.microsoft.com/support/kb/articles/Q201/4/20.ASP
HTML Help history:
http://www.helpware.net/htmlhelp/hh_info.htm
Cheers
Stuart
---
Stuart Udall
stuart at cyberdelix.dot.net - http://www.cyberdelix.net/
---
* Origin: lsi: revolution through evolution (192.168.0.2)
------------------------------------------------------------------------------
Astaro Security Linux - firewall with spam & virus protection, VPN -free trial
Protect your network with the comprehensive security solution that integrates
six applications for ease of use and lower TCO.
- Firewall
- Virus protection
- Spam protection
- URL blocking
- VPN
- Wireless security
Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_focus-virus_030329
----------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic