Re: [Declude.Virus] Banned extension tripped by Microsoft Outlook, Build 10.0.3416
Right, so if we detected actual file type (GIF instead of .js=NO), we would know that it was a .gif and therefore not a threat...so it wouldn't get banned. Darin. - Original Message - From: "Matt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 18, 2004 11:50 AM Subject: Re: [Declude.Virus] Banned extension tripped by Microsoft Outlook, Build 10.0.3416 Turns out it was, and this also makes sense. Outlook only munged the name and not the file. Here's the base64 code for the spacer image along with the link and JavaScript is used to generate arguments appended to the link: - Actual Attachment (GIF) - Content-Type: application/octet-stream; name="nojavascript&WT.js=No" Content-Transfer-Encoding: base64 Content-Location: http://stats.bradyinternational.com/dcso262fk09tjxucaxis09t1m_7v1i/njs.gif?dcsuri=/nojavascript&WT.js=No R0lGODlhAQABAIAAAP8A/wAAACH5BAEALAABAAEAAAICRAEAOw== - Image Tag (original version was dynamic, this was the fall-back used when attached) - http://stats.bradyinternational.com/dcso262fk09tjxucaxis09t1m_7v1i= /njs.gif?dcsuri=3D/nojavascript&WT.js=3DNo"=20 width=3D1 border=3D0 name=3DDCSIMG> - JavaScript Used to Write The Image Tag -
Re: [Declude.Virus] Banned extension tripped by Microsoft Outlook, Build 10.0.3416
Turns out it was, and this also makes sense. Outlook only munged the name and not the file. Here's the base64 code for the spacer image along with the link and JavaScript is used to generate arguments appended to the link: - Actual Attachment (GIF) - Content-Type: application/octet-stream; name="nojavascript&WT.js=No" Content-Transfer-Encoding: base64 Content-Location: http://stats.bradyinternational.com/dcso262fk09tjxucaxis09t1m_7v1i/njs.gif?dcsuri=/nojavascript&WT.js=No R0lGODlhAQABAIAAAP8A/wAAACH5BAEALAABAAEAAAICRAEAOw== - Image Tag (original version was dynamic, this was the fall-back used when attached) - = src=3D"http://stats.bradyinternational.com/dcso262fk09tjxucaxis09t1m_7v1i= /njs.gif?dcsuri=3D/nojavascript&WT.js=3DNo"=20 width=3D1 border=3D0 name=3DDCSIMG> - JavaScript Used to Write The Image Tag -
Re: [Declude.Virus] Banned extension tripped by Microsoft Outlook, Build 10.0.3416
We do already have some support for that in Declude Virus Pro. But, the problem is that it often isn't possible to tell what the file type is without the extension. In this case, it would be very difficult to distinguish a .js file from a .txt file, for example. There is another problem, too -- if you have a file that Declude Virus identifies as a .GIF file, but it has an .EXE extension, do you really want it? The attachment in this case was the GIF file, just a spacer.gif used elsewhere in that page. Actually, it wasn't, if I have the correct information: - Attachment MIME Definition - Content-Type: application/octet-stream; name="nojavascript&WT.js=No" ... That file is named "nojavascript&WT.js=No". Although there is a Content-Location: header afterwards, the Content-Location: header isn't used as part of the file name. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banned extension tripped by Microsoft Outlook, Build 10.0.3416
Interesting...so it's Outlook's fault, eh? Understand about text files...they would be next to impossible to determine what the content really was without greatly increasing processing time and a lot of effort. However, I still think it is very valuable to add detection of the obvious types like EXE, COM, ZIP, etc. and allow banning even if someone renamed it rather than depending on the file extension. In the case of .js, .vbs, .bat, I would expect that the identified type would be TEXT. Note that I'm not saying get rid of the file extension banning capabilities, just supplement with the _real_ type detection rather than whatever extension it happens to have. Darin. - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 18, 2004 10:17 AM Subject: Re: [Declude.Virus] Banned extension tripped by Microsoft Outlook, Build 10.0.3416 >I understand the subsequent discussion in the declude.com example produces >an attached file, but the original example from Matt was a .gif file, with >additional querystring parameters that specified WT.js=No. What should have >been checked was the ".gif" extension. Actually, the web page URL was for a .gif file -- but Outlook reported it as just "nojavascript&WT.js=No", so Declude Virus can't see the .GIF file. >As far as the other issue regarding the declude.com example, I'll suggest >again that the ability to check actual file type, rather than extension, be >added. We do already have some support for that in Declude Virus Pro. But, the problem is that it often isn't possible to tell what the file type is without the extension. In this case, it would be very difficult to distinguish a .js file from a .txt file, for example. There is another problem, too -- if you have a file that Declude Virus identifies as a .GIF file, but it has an .EXE extension, do you really want it? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. _ [This E-mail virus scanned by 4C Web] _ [This E-mail virus scanned by 4C Web] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banned extension - MDB
fwiw.. right or wrong here is what we're using BANEXT ad BANEXT adp BANEXT ASD BANEXT ASF BANEXT ASP BANEXT ASX BANEXT BAS BANEXT BAT BANEXT CAB BANEXT CEO BANEXT CHM BANEXT CMD BANEXT COM BANEXT CPL BANEXT CRT BANEXT DLL BANEXT EXE BANEXT hlp BANEXT HTA BANEXT HTO BANEXT inf BANEXT ins BANEXT isp BANEXT JS BANEXT JSE BANEXT LNK BANEXT mdb BANEXT mde BANEXT msc BANEXT msi BANEXT msp BANEXT MST BANEXT NWS BANEXT OCX BANEXT pcd BANEXT PIF BANEXT PNG BANEXT REG BANEXT SCR BANEXT sct BANEXT shb BANEXT SHS BANEXT SYS BANEXT url BANEXT vb BANEXT VBE BANEXT VBS BANEXT VBX BANEXT vsd BANEXT vss BANEXT vst BANEXT vsw BANEXT ws BANEXT wsc BANEXT WSF BANEXT WSH BANEXT XML ~Rick - Original Message - From: "William Baumbach" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 24, 2003 8:55 PM Subject: Re: [Declude.Virus] Banned extension - MDB > This list is from > http://support.microsoft.com/default.aspx?scid=kb;EN-US;290497 > > BANEXT ade > BANEXT adp > BANEXT asx > BANEXT bas > BANEXT bat > BANEXT chm > BANEXT cmd > BANEXT com > BANEXT cpl > BANEXT crt > BANEXT exe > BANEXT hlp > BANEXT hta > BANEXT inf > BANEXT ins > BANEXT isp > BANEXT js > BANEXT jse > BANEXT lnk > BANEXT mdb > BANEXT mde > BANEXT msc > BANEXT msi > BANEXT msp > BANEXT mst > BANEXT pcd > BANEXT pif > BANEXT prf > BANEXT reg > BANEXT scf > BANEXT scr > BANEXT sct > BANEXT shb > BANEXT shs > BANEXT url > BANEXT vb > BANEXT vbe > BANEXT vbs > BANEXT wsc > BANEXT wsf > BANEXT wsh > > Sincerely, > > William J. Baumbach II [EMAIL PROTECTED] > 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 > Ph: 703-273-4400 ext:1708 Fax: 703-691-0946 > ------------- > > ----- Original Message - > From: "David Stavert" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, February 24, 2003 9:35 PM > Subject: RE: [Declude.Virus] Banned extension - MDB > > > Renaming the extension which, if used by someone unfamiliar with > extensions, could result in a file having a legit extension. As we know, > file extensions for a known file type will disappear in a Windows > default environment. Try coaching someone through that problem. Beter > still would be to replace the "." With an underscore i.e. filename_mdb > It makes the file truly UN executable and it is easy to rename, easy to > describe. > > > David > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch > > Sent: Monday, February 24, 2003 11:46 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [Declude.Virus] Banned extension - MDB > > > > > > Thanks gang, much appreciated!! > > > > - Rodney > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Smart > > Business Lists > > Sent: Monday, February 24, 2003 10:32 AM > > To: Rodney Bertsch > > Subject: Re: [Declude.Virus] Banned extension - MDB > > > > > > Rodney, > > > > Monday, February 24, 2003 you wrote: > > RB> But they wouldn't self execute would they? > > > > With a little JavaScript in an html carrier or a few other ways I > > can imagine it could be made to open. > > > > RB> You would still have to open the Access DB first before > > there were > > RB> problems. Putting the ZIP restriction in there wouldn't really > > RB> protect any farther, just one more step to get to the bad macros. > > > > Yes, the database has to open. But putting it in the zip means > > that it has to be unzipped before it can open. > > > > RB> Or am I missing something here? Can the MDB file be made > > to execute > > RB> automatically just by receiving the e-mail? > > > > It can if the client is using Outlook or Outlook Express and does > > not have proper security settings. It might even if the security > > settings are proper. > > > > RB> What about Word and Excel files? They can also contain > > macros, can > > RB> they > > be > > RB> made to execute automatically just by opening the e-mail? > > > > Yes. > > > > Terry Fritts > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > j
Re: [Declude.Virus] Banned extension - MDB
This list is from http://support.microsoft.com/default.aspx?scid=kb;EN-US;290497 BANEXT ade BANEXT adp BANEXT asx BANEXT bas BANEXT bat BANEXT chm BANEXT cmd BANEXT com BANEXT cpl BANEXT crt BANEXT exe BANEXT hlp BANEXT hta BANEXT inf BANEXT ins BANEXT isp BANEXT js BANEXT jse BANEXT lnk BANEXT mdb BANEXT mde BANEXT msc BANEXT msi BANEXT msp BANEXT mst BANEXT pcd BANEXT pif BANEXT prf BANEXT reg BANEXT scf BANEXT scr BANEXT sct BANEXT shb BANEXT shs BANEXT url BANEXT vb BANEXT vbe BANEXT vbs BANEXT wsc BANEXT wsf BANEXT wsh Sincerely, William J. Baumbach II [EMAIL PROTECTED] 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 Ph: 703-273-4400 ext:1708 Fax: 703-691-0946 - - Original Message - From: "David Stavert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 24, 2003 9:35 PM Subject: RE: [Declude.Virus] Banned extension - MDB Renaming the extension which, if used by someone unfamiliar with extensions, could result in a file having a legit extension. As we know, file extensions for a known file type will disappear in a Windows default environment. Try coaching someone through that problem. Beter still would be to replace the "." With an underscore i.e. filename_mdb It makes the file truly UN executable and it is easy to rename, easy to describe. David > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch > Sent: Monday, February 24, 2003 11:46 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] Banned extension - MDB > > > Thanks gang, much appreciated!! > > - Rodney > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Smart > Business Lists > Sent: Monday, February 24, 2003 10:32 AM > To: Rodney Bertsch > Subject: Re: [Declude.Virus] Banned extension - MDB > > > Rodney, > > Monday, February 24, 2003 you wrote: > RB> But they wouldn't self execute would they? > > With a little JavaScript in an html carrier or a few other ways I > can imagine it could be made to open. > > RB> You would still have to open the Access DB first before > there were > RB> problems. Putting the ZIP restriction in there wouldn't really > RB> protect any farther, just one more step to get to the bad macros. > > Yes, the database has to open. But putting it in the zip means > that it has to be unzipped before it can open. > > RB> Or am I missing something here? Can the MDB file be made > to execute > RB> automatically just by receiving the e-mail? > > It can if the client is using Outlook or Outlook Express and does > not have proper security settings. It might even if the security > settings are proper. > > RB> What about Word and Excel files? They can also contain > macros, can > RB> they > be > RB> made to execute automatically just by opening the e-mail? > > Yes. > > Terry Fritts > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [ Scanned for viruses and SPAM on 02/24/2003 at 21:31:45ET incoming www.DcMetroNet.com Declude version 1.67. For information about Viruses and Hoaxes visit www.commandsoftware.com/virus/index.html ] --- --- [ Scanned for viruses and SPAM on 02/24/2003 at 21:56:49ET outgoing http://www.DcMetroNet.com Declude v.1.67. For information about Viruses and Hoaxes visit http://www.commandsoftware.com/virus/index.html ] --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banned extension - MDB
Renaming the extension which, if used by someone unfamiliar with extensions, could result in a file having a legit extension. As we know, file extensions for a known file type will disappear in a Windows default environment. Try coaching someone through that problem. Beter still would be to replace the "." With an underscore i.e. filename_mdb It makes the file truly UN executable and it is easy to rename, easy to describe. David > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch > Sent: Monday, February 24, 2003 11:46 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] Banned extension - MDB > > > Thanks gang, much appreciated!! > > - Rodney > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Smart > Business Lists > Sent: Monday, February 24, 2003 10:32 AM > To: Rodney Bertsch > Subject: Re: [Declude.Virus] Banned extension - MDB > > > Rodney, > > Monday, February 24, 2003 you wrote: > RB> But they wouldn't self execute would they? > > With a little JavaScript in an html carrier or a few other ways I > can imagine it could be made to open. > > RB> You would still have to open the Access DB first before > there were > RB> problems. Putting the ZIP restriction in there wouldn't really > RB> protect any farther, just one more step to get to the bad macros. > > Yes, the database has to open. But putting it in the zip means > that it has to be unzipped before it can open. > > RB> Or am I missing something here? Can the MDB file be made > to execute > RB> automatically just by receiving the e-mail? > > It can if the client is using Outlook or Outlook Express and does > not have proper security settings. It might even if the security > settings are proper. > > RB> What about Word and Excel files? They can also contain > macros, can > RB> they > be > RB> made to execute automatically just by opening the e-mail? > > Yes. > > Terry Fritts > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banned extension - MDB
Thanks gang, much appreciated!! - Rodney -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Smart Business Lists Sent: Monday, February 24, 2003 10:32 AM To: Rodney Bertsch Subject: Re: [Declude.Virus] Banned extension - MDB Rodney, Monday, February 24, 2003 you wrote: RB> But they wouldn't self execute would they? With a little JavaScript in an html carrier or a few other ways I can imagine it could be made to open. RB> You would still have to open the Access DB first before there were RB> problems. Putting the ZIP restriction in there wouldn't really RB> protect any farther, just one more step to get to the bad macros. Yes, the database has to open. But putting it in the zip means that it has to be unzipped before it can open. RB> Or am I missing something here? Can the MDB file be made to execute RB> automatically just by receiving the e-mail? It can if the client is using Outlook or Outlook Express and does not have proper security settings. It might even if the security settings are proper. RB> What about Word and Excel files? They can also contain macros, can they be RB> made to execute automatically just by opening the e-mail? Yes. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banned extension - MDB
You can have Access databases auto-run two ways: 1) Create a macro called AutoExec 2) In Tools/Startup choose a Display Form/Page form and attach code in its "open" event. -Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff Sent: Monday, February 24, 2003 10:43 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Banned extension - MDB > A workaround you might suggest is renaming the file to a different > extension - that will get around the WinZip problem and _should_ also > make the files safe. I agree with this method. Correct me if I am wrong, but just opening an Access database does not cause any Macros in it to run, you have to run a query or such. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banned extension - MDB
Rodney, Monday, February 24, 2003 you wrote: RB> But they wouldn't self execute would they? With a little JavaScript in an html carrier or a few other ways I can imagine it could be made to open. RB> You would still have to open the Access DB first before there were RB> problems. Putting the ZIP restriction in there wouldn't really RB> protect any farther, just one more step to get to the bad macros. Yes, the database has to open. But putting it in the zip means that it has to be unzipped before it can open. RB> Or am I missing something here? Can the MDB file be made to execute RB> automatically just by receiving the e-mail? It can if the client is using Outlook or Outlook Express and does not have proper security settings. It might even if the security settings are proper. RB> What about Word and Excel files? They can also contain macros, can they be RB> made to execute automatically just by opening the e-mail? Yes. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banned extension - MDB
> macros can run on open Thanks for the clarification. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banned extension - MDB
John, Monday, February 24, 2003 you wrote: JT> I agree with this method. Correct me if I am wrong, but just opening an JT> Access database does not cause any Macros in it to run, you have to run a JT> query or such. macros can run on open Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banned extension - MDB
> A workaround you might suggest is renaming the file to a different > extension - that will get around the WinZip problem and _should_ also > make the files safe. I agree with this method. Correct me if I am wrong, but just opening an Access database does not cause any Macros in it to run, you have to run a query or such. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banned extension - MDB
If I remember correctly on 2/24/03 7:23 AM Rodney Bertsch wrote: > But they wouldn't self execute would they? You would still have to open the > Access DB first before there were problems. Putting the ZIP restriction in > there wouldn't really protect any farther, just one more step to get to the > bad macros. > > Or am I missing something here? Can the MDB file be made to execute > automatically just by receiving the e-mail? > > What about Word and Excel files? They can also contain macros, can they be > made to execute automatically just by opening the e-mail? If they don't want to zip it, just have them change the extension. Say from .mdb to .mdz. Regards, -Don The little time you save hastily finishing the project will be spent redoing it properly... === Don Wolff- Technology Coordinator Phoenix-Talent School District #4 mailto:[EMAIL PROTECTED] Office- 541-535-0200 Mobile- 541-621-4717 FAX-541-535-7552 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banned extension - MDB
| -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch | One of our users wants to send an MDB file (MS Access) that I | currently have | on my banned extensions list. The receiver (not our user) is | not familiar | with WinZIP I'm sure others will repost the info on the extensions. A workaround you might suggest is renaming the file to a different extension - that will get around the winzip problem and _should_ also make the files safe. _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banned extension - MDB
But they wouldn't self execute would they? You would still have to open the Access DB first before there were problems. Putting the ZIP restriction in there wouldn't really protect any farther, just one more step to get to the bad macros. Or am I missing something here? Can the MDB file be made to execute automatically just by receiving the e-mail? What about Word and Excel files? They can also contain macros, can they be made to execute automatically just by opening the e-mail? Thanks, Rodney Bertsch IS Coordinator Kirk NationaLease Co. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Smart Business Lists Sent: Monday, February 24, 2003 10:12 AM To: Rodney Bertsch Subject: Re: [Declude.Virus] Banned extension - MDB Rodney, Monday, February 24, 2003 you wrote: RB> I tried to find some RB> supporting documentation as to exactly why the MDB file extension is unsafe RB> to send but was unable to find any because you can put macros in it and macros can be vicious. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banned extension - MDB
Rodney, Monday, February 24, 2003 you wrote: RB> I tried to find some RB> supporting documentation as to exactly why the MDB file extension is unsafe RB> to send but was unable to find any because you can put macros in it and macros can be vicious. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Banned Extension List
here is the one I reference: http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspx On Tuesday, January 14, 2003 11:28 AM, [EMAIL PROTECTED] wrote: > >Can someone please furnish me the link to the Microsoft page listing the >extensions that should be banned? >Thanks, >Doug McKee > >--- >[This E-mail scanned for viruses by Declude Virus] > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.Virus mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.Virus".The archives can be found >at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Banned extension
Hello Scott! > It will get bigger, but not nearly as much as the debug mode (which can > easily create log files 10-100 times their current size). At > most, I would > guess that the log files would increase about 20% by using HIGH. OK, i will set it as default, 20% don`t bother me. > You can find it at http://www.declude.com/virus/manual.htm . Thanks, i bookmarked it now. Hermann --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .