WG - Blocked File Types

Discussion in 'WormGuard' started by Bouch, May 1, 2002.

Thread Status:
Not open for further replies.
  1. Bouch

    Bouch Registered Member

    Joined:
    Apr 14, 2002
    Posts:
    26
    Location:
    Toronto Canada
    Hi there WormGuardians (yes, very funny UNICRON).  Having been extremely pleased with TDS-3, I decided to try WG.  When I was using (only briefly) ZA Pro 3.0, I recall that there were some 37 different filetypes (extensions) that it would detect in email attachments and automatically rename to make safe.  I notice that WG's Blocked List Editor contains only 5 filetypes to block in its default configuration, but there is provision for adding more.  I am left wondering whether 5 is sufficient ... I mean it's a long way from ZA Pro's 37.  Are there additional file types that should be added to the blocked list, and if so, which ones?
    By the way, WG and Outpost did not play well together at first, even though I exited Outpost prior to installing WG (I'm using 98SE).  With the rename option checked in Outpost's Attachments Filter, WG caused a fatal error which was then followed by a fatal error caused by Outpost.  Additionally, every time I opened WG and clicked on "Test", I would get a fatal error caused by WG.  In any event, I changed Outpost's Attachments Filter settings to "Report it" (without renaming it), and the problem has not resurfaced.
    So, what additional filetypes, if any, should I add in WG's Blocked List Editor?  Thanks.

    Bob
    Licenced TDS Operator  
     
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Hey I vaguely remember something humorous about the term wormguardians, but I cannot remember what it was. I mean I find it funny now but I can't recall the context of how it first came up. I did a search of this board for the term and came up "el blanco." So please refresh my memory (I could use a giggle or two.)

    Anywho, about file extensions. We are talking about file extensions that will be denied execute access categorically. So only you can decide what files you will never have a use for. For instance, I use .vbs scripts so I can't block them, I use Windows Scripting Host files so no blocking of .wsh files for me. Other people block those two right away. You might want to be careful blocking a file type that the OS uses. Stuff like .com, .bat, .sys, .reg, .ocx and so on.

    If I was to recommend some potentially damaging extensions that you will probably never use, I'd maybe start with .hta, .idq, .ida, .htw, .idc, and .printer. One of the worst and most famous IIS server vulnerabilities was a .hta bug. It allowed any client to read server side code that could contain passwords to SQLserver databases. Yikes! SP2 fixed that one. I had to teach my former employer's webhost how to fix it over the phone. I did derive some satisfaction from that...snicker.

    I won't explain what each one does but they are easily researchable. From there you can start to form your own opinions on what to block and what not to.

    I hope that was readable ;)
     
  3. Bouch

    Bouch Registered Member

    Joined:
    Apr 14, 2002
    Posts:
    26
    Location:
    Toronto Canada
    Hi UNICRON!  Thanks for your reply to my query.  Clearly, I misunderstood this blocked file type thing.  I thought that it referred simply to files that arrived as attachments to emails.  No wonder it wouldn't let me block .exe files lol ... thank God it didn't let me do that!!!  I ain't gonna touch it from now on.

    Anyway, I went ahead and registered WG yesterday, and put the key file supplied by DiamondCS where it was supposed to go.  While the GUI now indicates that it's licensed to me, the warning screen still indicates that it's unlicensed software for 30-day evaluation.  I emailed support at DiamondCS who responded that it was a bug, purely cosmetic, and that I shouldn't be concerned about it.  So, I won't be, but little stuff like that bugs me, ya know.  Hopefully, 4.0 won't have the same bug.

    By the way, the wormguardian thing was definitely you.  Before my first post, I read through all the previous posts to see if my question had already been answered, and I came across your wormguardian term.  Please see the WG "Installation Blues" thread to refresh your memory.  Regards.

    Bob
    Licensed TDS Operator and Wormguardian
     
  4. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    hehe yes I find myself quite amusing sometimes.

    Sounds like a new super-hero team: it's a bird, it's a plane, no..... it's the WormGuardians!

    Perhaps a little counter-intuitive since we would appear to guard innocent WORMS, not guard innocents FROM worms.

    Hmm perhaps MR BLAZE can help us out. He is kinda like a super-hero. I wish he'd go to med school so I can call him DR. BLAZE or "DOC-BLAZE"
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    He might like to run the MrBlaze namechange script for that again:)
    Doc-Blaze, not bad eh?

    Bob, of course you can touch the WG thing and you might like to add some special files if not included yet, like the goner and known names of the Klez virus/files it creates, that kind of things. Klez itself will not be very helpful, as it comes with all different names. But you get the idea.
     