Content and attachments blocked by MailCleaner
Posted by Daniel Jörg, last modified by Daniel Jörg on 11 November 2016 05:14 PM

MailCleaner not only filters spam but also blocks dangerous content. This covers code as well as attachments. The following dangerous content is currently blocked by MailCleaner. We adjust this list according to the current threat situation.

HTML code:

IFrame objects
Forms
Scripts
Codebase objects
Web Bugs

 

Message format:

Microsoft Office documents with macros embedded
Password protected archives
Partial contents
External bodies

 

File names (written as regular expressions):

.{150,}    Very long filenames are good signs of attacks against Microsoft e-mail packages
happy99\.exe$    "Happy" virus
pretty\s+park\.exe$     "Pretty Park" virus
webpage\.rar$     Often used by the I-Worm.Yanker virus
\.bat$    Batch files are often malicious
\.ceo$    Often used by the WinEvar virus
\.chm$    Compiled help files are very dangerous in email
\.cmd$    Batch files are often malicious
\.cnf$    SpeedDials are very dangerous in email
\.com$    Executable DOS/Windows programs are dangerous in email
\.cpl$    Control panel items are often used to hide viruses
\.exe$    Executable DOS/Windows programs are dangerous in email
\.hta$    HTML archives are very dangerous in email
\.ins$    Windows Internet Settings are dangerous in email
\.job$    Task Scheduler requests are dangerous in email
\.js$    JavaScript
\.jse?$    JScript Scripts are dangerous in email
\.lnk$    Eudora *.lnk security hole attack
\.ma[dfgmqrstvw]$    Microsoft Access Shortcuts are dangerous in email
\.mhtml$    MHTML files can be used in an attack against Eudora
\.pif$    Shortcuts to MS-Dos programs are very dangerous in email
\.reg$    Windows registry entries are very dangerous in email
\.scf$    Windows Explorer Commands are dangerous in email
\.scr$    Windows Screensavers are often used to hide viruses
\.sct$    Windows Script Components are dangerous in email
\.shb$    Shortcuts Into Documents are very dangerous in email
\.shs$    Shell Scrap Objects are very dangerous in email
\.vb[es]$    Visual Basic Scripts are dangerous in email
\.ws[cfh]$    Windows Script Host files are dangerous in email
\.xnk$    Microsoft Exchange Shortcuts are dangerous in email
\s{10,}    A long gap in a name is often used to hide part of it
\{[a-hA-H0-9-]{25,}\}    Files containing CLSID's are trying to hide their real type
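
The filename rules above can be exercised against the attachment names of a message. This is an added example, not MailCleaner's own code: it uses a subset of the listed expressions and assumes unanchored, case-insensitive matching; the function names and sample filenames are constructed for illustration.

```python
import re
from email.message import EmailMessage

# A subset of the filename rules from the list above: (regex, reason).
RULES = [
    (r".{150,}", "very long filename"),
    (r"\.exe$", "executable DOS/Windows program"),
    (r"\.jse?$", "JScript script"),
    (r"\.vb[es]$", "Visual Basic script"),
    (r"\.ws[cfh]$", "Windows Script Host file"),
    (r"\s{10,}", "long gap in name"),
    (r"\{[a-hA-H0-9-]{25,}\}", "CLSID in name"),
]
# Assumption: rules are searched unanchored and case-insensitively.
COMPILED = [(re.compile(rx, re.IGNORECASE), why) for rx, why in RULES]

def check_filename(name):
    """Return the reasons of all rules that match this attachment name."""
    return [why for rx, why in COMPILED if rx.search(name)]

def blocked_attachments(msg):
    """Map each offending attachment filename in msg to its reasons."""
    hits = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = check_filename(name)
        if reasons:
            hits[name] = reasons
    return hits

def sample_message():
    """Constructed message; every filename here is made up."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    names = ["report.pdf", "build.json", "Invoice.PDF.EXE",
             "notes.txt" + " " * 12 + ".vbs",
             "readme.txt.{00000000-0000-0000-0000-000000000000}"]
    for n in names:
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=n)
    return msg

if __name__ == "__main__":
    for name, reasons in blocked_attachments(sample_message()).items():
        print(f"BLOCK {name!r}: {', '.join(reasons)}")
```

The `$` anchor is what keeps `build.json` from matching `\.jse?$`, while the padded name trips both the extension rule and the long-gap rule.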

 

File types

ELF     No programs allowed
executable     No programs allowed
Registry     No Windows Registry files allowed
self-extract     No self-extracting archives allowed

