Geek Culture / Virus executables, anyone clued up?

Van B
Moderator
21
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 11th Nov 2004 20:13
Hi all,

Basically I work with a bunch of in-bred toothless morons, and I'm sick of dealing with their viruses - so I'm throwing together a little gremlin to help me. Gate Gremlin is an add on for FTGate email servers that browses all the email on a server and disables executable attachments.

So far I'm disabling...

.exe
.scr
.com
.bat
.vbs
.htm

Is there any other file extensions that I should add to that? - except .zip, I'm trying to get everyone into the habit of compressing their attachments.


Van-B


It's c**p being the only coder in the village.
Damokles
21
Years of Service
User Offline
Joined: 28th May 2003
Location: Belgium
Posted: 11th Nov 2004 20:16
if you disable .htm, then disable .html as well

- Mind the gap -
Van B
Moderator
21
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 11th Nov 2004 20:39
The .HTML should get caught by the .HTM filter (it just checks the 3 byte extension so only the first 3 chars matter). Only a couple of people have web access, so linked viruses shouldn't be a problem as most users won't be able to access them.


Van-B


It's c**p being the only coder in the village.
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 11th Nov 2004 20:52
.dll?


DBP_NETLIB_v1.4.3 DarkTOPIA site coming soon!
Van B
Moderator
21
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 11th Nov 2004 20:55
Ahh! - I knew I'd forgotten at least 1, thanks.


Van-B


It's c**p being the only coder in the village.
OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 11th Nov 2004 21:57
.vxd, .pif, .lnk

Walk softly... and carry a big gun...
Van B
Moderator
21
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 11th Nov 2004 22:06
Thanks - this is a great help. I'm actually nearly done with it - hmmm, global virus protection over the whole work network in the space of a couple of hours... I should really be paid more.


Van-B


It's c**p being the only coder in the village.
OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 11th Nov 2004 22:36
And don't forget to make sure you check files with double extensions...

Walk softly... and carry a big gun...
spooky
22
Years of Service
User Offline
Joined: 30th Aug 2002
Location: United Kingdom
Posted: 11th Nov 2004 22:39
Our work mail servers deal with around half a million emails a month of which over 90% is spam and viruses.

Most common ones are .scr, .exe, .vbs, .pif

Unfortunately there are loads of viruses being sent in .zip files which makes things rather annoying.

Should also disable .com, .bat, .cpl, .hta, .lnk, .bas, .cmd, .reg, .vbe

Boo!
Ian T
22
Years of Service
User Offline
Joined: 12th Sep 2002
Location: Around
Posted: 11th Nov 2004 22:46
Quote: "except .zip"


Fun idea... disable .zip and .rar, tell dudes to use 7zip. It works better anyways, but spammers are always behind the times!

forget as boolean : forgive as boolean : if forgive=1 : forget=0 : else : forgive=1 : endif
Van B
Moderator
21
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 11th Nov 2004 22:52
Hehe, damn that's like 16 executable extensions! - rather than type them out, this shows what I have so far...

If findtext(".exe", parse$) > -1 Then analyse = 1
If findtext(".scr", parse$) > -1 Then analyse = 1
If findtext(".com", parse$) > -1 Then analyse = 1
If findtext(".bat", parse$) > -1 Then analyse = 1
If findtext(".vbs", parse$) > -1 Then analyse = 1
If findtext(".htm", parse$) > -1 Then analyse = 1
If findtext(".dll", parse$) > -1 Then analyse = 1
If findtext(".vxd", parse$) > -1 Then analyse = 1
If findtext(".pif", parse$) > -1 Then analyse = 1
If findtext(".lnk", parse$) > -1 Then analyse = 1
If findtext(".cpl", parse$) > -1 Then analyse = 1
If findtext(".hta", parse$) > -1 Then analyse = 1
If findtext(".bas", parse$) > -1 Then analyse = 1
If findtext(".cmd", parse$) > -1 Then analyse = 1
If findtext(".reg", parse$) > -1 Then analyse = 1
If findtext(".vbe", parse$) > -1 Then analyse = 1

The findtext function just finds the text in the second string (which is read from the file) - so double extensions should be picked up.
It doesn't actually delete anything, it just renames the extension so you can't run it and it can't run itself - the user can get it working but they'd have to know what type of file it was, so really it'd only be a problem when they're expecting the attachment.

Thanks a bunch for everyone's input.


Van-B


It's c**p being the only coder in the village.
Nicholas Thompson
20
Years of Service
User Offline
Joined: 6th Sep 2004
Location: Bognor Regis, UK
Posted: 11th Nov 2004 23:59
My old uni now disabled pretty much EVERY file except PNG.. Lol..

The latest viruses exploit a JPG thingy in windows..

There would be FAR fewer problems if

(a) everyone used an up to date virus checker

(b) DID NOT OPEN THE SILLY EMAILS!! Things Like, "Hey look at me, I'll change your life".. You delete INSTANTLY!!

Also, I don't like outlook as it downloads the email before you can do anything about it.. I prefer Yahoo Mail as any viruses get kept their end unless I specifically hit DOWNLOAD..

Van B
Moderator
21
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 12th Nov 2004 00:11
That's sorta how this will work - FTGate is an email server that downloads all the email to 1 location, then it distributes it to mailbox folders that are then used by the individual PCs. This is designed to run constantly, scanning mail for attachments - so most of the time the email will have been scanned by GG before outlook even knows it's got mail to download. It takes about 15 seconds to scan the email folders, so it should be pretty rare that someone nabs an email before it gets scanned.

Hehe, we got caught recently. If you got an email from someone you didn't know, with no discernible subject, and a smilie for a message - would you even consider running the Price.com file attached to it? I hope not, but like 7 people here did, people who've had computers for years - one of them was our website designer! What a freakin tool.


Van-B


It's c**p being the only coder in the village.
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 12th Nov 2004 02:53
My god...that's like asking someone to download the internet so you can browse offline

Also you could make it so it blocks all those attachments, except when the sender is in the contact list.

:: Architectonic 2.0 :: Notepad forever! ::
spooky
22
Years of Service
User Offline
Joined: 30th Aug 2002
Location: United Kingdom
Posted: 12th Nov 2004 03:08
Never trust the sender to be who they say. Most viruses spoof the sender address from rummaging through infected pc's documents and contact lists. So you may get an email you think is from a friend with an attachment that looks harmless, but isn't.

Boo!
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 12th Nov 2004 03:10 Edited at: 12th Nov 2004 03:13
I ignore attachments until I get confirmation from the sender or I asked for it (ie. some homework I'm too lazy to do myself).

int N30F15H,a=1; do { N30F15H++; } while (a==1); http://www.bigcheeseservers.com/architectonic2/html
Van B
Moderator
21
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 12th Nov 2004 20:27
The gremlin is in place and doing a handsome job (5 instances of Price.com alone) - thanks again for all your input.


Van-B


It's c**p being the only coder in the village.
Pricey
21
Years of Service
User Offline
Joined: 22nd Feb 2003
Location:
Posted: 13th Nov 2004 02:57 Edited at: 13th Nov 2004 02:58
[EDIT]
Stupid Post Sorry

IanM
Retired Moderator
22
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 14th Nov 2004 01:09
Don't forget '.js' too.

*** Coming soon - Network Plug-in - Check my site for info ***
For free Plug-ins, source and the Interface library for Visual C++ 6, .NET and now for Dev-C++ http://www.matrix1.demon.co.uk
1tg46
20
Years of Service
User Offline
Joined: 1st Feb 2004
Location: I dont know!
Posted: 14th Nov 2004 02:35
Last year my school was getting hit with .doc viruses, and no extension files.


Click the sig
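Van B's filter earlier in the thread treats any occurrence of ".exe", ".com" and so on in the file name as a hit. That does catch double extensions, as intended, but it also flags harmless names such as "q4.commission.xlsx" (".com" inside ".commission"). The Python below is an added example, not Gate Gremlin's code or anything from FTGate: it splits the attachment name into its extension components and compares each one case-insensitively against the list collected in this thread (Van B's list plus the .html and .js suggested in the replies), flags the extensionless attachments 1tg46 mentions, and renames a blocked file by appending a suffix so it no longer opens by double-click, which is the same neutralising idea Van B describes. The ".gg-blocked" suffix and the sample file names are constructed for the example. A reconstruction of the substring approach sits beside it so the difference on realistic names is visible.

```python
# Added example: component-wise attachment extension filter versus the
# substring search used in the thread. Not code from Gate Gremlin or FTGate.

# Extensions named in this thread (Van B's list plus .html and .js from the
# replies). Stored lower-case; all comparisons are case-insensitive.
BLOCKED_EXTENSIONS = frozenset({
    "exe", "scr", "com", "bat", "vbs", "vbe", "htm", "html", "dll", "vxd",
    "pif", "lnk", "cpl", "hta", "bas", "cmd", "reg", "js",
})

# Suffix appended to a blocked attachment. Assumed name for this example;
# the thread does not say what Gate Gremlin renames files to.
NEUTRALISED_SUFFIX = ".gg-blocked"


def extensions_of(filename):
    """Return every extension of an attachment name, lower-cased, in order.

    'holiday.jpg.EXE' -> ['jpg', 'exe'];  'README' -> [];  '.bashrc' -> [].
    Empty components are dropped, so 'evil.exe.' still yields ['exe'].
    """
    # Keep only the final path component in case a path was smuggled in.
    name = filename.strip().replace("\\", "/").rsplit("/", 1)[-1]
    parts = name.split(".")
    if parts and parts[0] == "":        # a leading dot is not a separator
        parts = parts[1:]
    return [p.lower() for p in parts[1:] if p]


def is_blocked(filename):
    """True when the attachment should be neutralised.

    Every extension component is checked, not just the last one, so both
    'report.pdf.exe' and 'report.exe.pdf' are caught. A name with no
    extension at all is also blocked: the receiving system may still sniff
    and open it, which is the case 1tg46 describes.
    """
    exts = extensions_of(filename)
    if not exts:
        return True
    return any(e in BLOCKED_EXTENSIONS for e in exts)


def substring_blocked(filename):
    """Case-insensitive reconstruction of the thread's findtext() approach:
    a hit if '.<ext>' appears anywhere in the name. Shown for comparison."""
    lowered = filename.lower()
    return any("." + e in lowered for e in BLOCKED_EXTENSIONS)


def neutralise(filename):
    """Return the name the attachment should be stored under: unchanged when
    allowed, otherwise with NEUTRALISED_SUFFIX appended so the original
    extension is no longer the one the OS acts on."""
    return filename + NEUTRALISED_SUFFIX if is_blocked(filename) else filename


# Constructed sample attachment names (not taken from any real mailbox).
SAMPLE_ATTACHMENTS = [
    "Price.com",            # the one mentioned in the thread
    "holiday.jpg.EXE",      # double extension, upper-case
    "q4.commission.xlsx",   # harmless, but contains the text ".com"
    "photos.zip",           # archive: allowed, per Van B's policy
    "notes",                # no extension at all
    "index.html",           # four-letter variant of .htm
]


def classify(filenames):
    """Map each name to the verdict of both approaches, for side-by-side review."""
    return {
        f: {"component": is_blocked(f), "substring": substring_blocked(f)}
        for f in filenames
    }


if __name__ == "__main__":
    for name, verdict in classify(SAMPLE_ATTACHMENTS).items():
        print(f"{name:22} component={verdict['component']!s:5} "
              f"substring={verdict['substring']!s:5} -> {neutralise(name)}")
```

The one name the two approaches disagree on in both directions is instructive: the substring check flags "q4.commission.xlsx" but passes "notes", while the component check does the reverse. Renaming rather than deleting, as Van B does, keeps the attachment recoverable for the rare legitimate case.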
