> Consider filtering the following as well:
>
> *.reg Regedit will inject its contents into your
> registry without any
> warning if you open this file
> *.hlp Windose help files can contain auto-executing vb script
> *.hta html application, can contain vb script,
> javascript etc.(MSHTA.EXE
> will run them when you click on them)
> *.shs shell automation code
> *.vbs vb script
> *.chm compiled HTML help file, also can contain vb
> script, javascript etc.
>
> Most of these will never need to be sent or received by a
> user and all can
> contain malicious code. Any other suggestions?
Here's a snip from a bugtraq post...
<snip>
Sean Malloy <[EMAIL PROTECTED]> is letting us known that changing the
virus to use a WSF extension instead of VBS is just as affective.
WSF stands for Windows Scripting File. Antivirus vendors that want to
be proactive might want to add this extension to their signatures.
</snip>
Mark
