>> Right now I deny all .vbs attachments. Yes, this is rather draconian and
>> there might be a 1 in 100,000,000,000,000 chance that someone really needs
>> to send a .vbs attachment. Those are the breaks...
>That was the point I was trying to get across yesterday... It can be
>renamed and sent through over and over so why not filter all .vbs
>attachments? I tried to emphasize the point that non-tech users are killing
>us with their carelessness so we have to protect them from vbs scripts in
>order to protect ourselves.
>On the same note I carried it through to all exe files as well. If they
>need to be sent by good users- What's the big deal in changing the
>extension to .exx? Bad guys will send an exe and hope it is run on double
>click while an exx obviously won't till the end user changes the extension
>back to .exe.
Consider filtering the following as well:

*.reg  Regedit will inject its contents into your registry without any
       warning if you open this file
*.hlp  Windose help files can contain auto-executing vb script
*.hta  html application, can contain vb script, javascript etc. (MSHTA.EXE
       will run them when you click on them)
*.shs  shell automation code
*.vbs  vb script
*.chm  compiled HTML help file, also can contain vb script, javascript etc.

Most of these will never need to be sent or received by a user and all can
contain malicious code. Any other suggestions?
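
The extension filter discussed in this thread, as an added example that is not part of the original messages: a Python check that walks a MIME message and flags attachments whose effective extension is on the list above (plus .exe from the quoted message). The function names, addresses and sample attachment names are constructed for illustration.

```python
# Added example: extension-based attachment check for the list in this thread.
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the thread (.exe comes from the quoted message).
BLOCKED = {".reg", ".hlp", ".hta", ".shs", ".vbs", ".chm", ".exe"}

def effective_extension(filename: str) -> str:
    """Return the extension Windows would act on, lower-cased."""
    # Windows ignores trailing dots and spaces, so "a.vbs. " opens as "a.vbs".
    name = filename.replace("\x00", "").rstrip(". \t").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw: bytes) -> list[str]:
    """List the filenames in a raw message whose extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() checks Content-Disposition, then Content-Type "name".
        filename = part.get_filename()
        if filename and effective_extension(filename) in BLOCKED:
            hits.append(filename)
    return hits

def build_sample() -> bytes:
    """Constructed test message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("notes.txt", "report.TXT.VBS", "settings.reg.", "tool.exx"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

The renamed tool.exx passes the check, as the quoted message intends, while mixed case and a trailing dot do not hide the .vbs and .reg attachments.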