[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-virus
Subject:    trapping HTA files
From:       "lsi" <stuart () cyberdelix ! net>
Date:       2004-04-04 11:56:12
Message-ID: 407005EC.20358.3FB3349 () localhost
[Download RAW message or body]

Comments are requested on techniques to filter at the email gateway 
messsges with files attached in HTA and other "executable HTML Help" 
formats such as HTC, HTZ etc.

These files although "executable" are apparently just text files with 
proprietary Microsoft extensions.  Consequently they are not trapped 
by a filter which traps most other Windows executables.

HTA files can be trapped using the following regular expression, 
testing for it in the body of the message:

<HTA:APPLICATION*

What I'm wondering is if someone has a magic recipe that will catch 
"all" executable help formats, or a list of regexps for each format.

To uninstall HTML Help:

http://support.microsoft.com/support/kb/articles/Q201/4/20.ASP

HTML Help history:

http://www.helpware.net/htmlhelp/hh_info.htm

Cheers
Stuart
---
Stuart Udall
stuart at cyberdelix.dot.net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192.168.0.2)


------------------------------------------------------------------------------
Astaro Security Linux - firewall with spam & virus protection, VPN -free trial

Protect your network with the comprehensive security solution that integrates 
six applications for ease of use and lower TCO.

- Firewall
- Virus protection
- Spam protection
- URL blocking
- VPN
- Wireless security

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_focus-virus_030329 
----------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]