Blocked file runs in SecureBat Lite?

Discussion in 'WormGuard' started by steverio, Aug 12, 2004.

Thread Status:
Not open for further replies.
  1. steverio

    steverio Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    161
    I'm curious....I blocked .eml files in the "Blocked List Editor" then I opened a received attachment .eml message in "SecureBat Lite" without being blocked by WG. WG will detect the same file outside of its directory and block it. I don't understand why this is if I have the file ext blocked. Am I doing something incorrect here?
     
  2. steverio

    steverio Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    161
    An update:

    I tested opening another file attachment in securebat that I temporarily made WG blocked (.doc). The result was "blocked by WG". I'm still not completely sure why the other WG blocked .eml ext. didn't get blocked in this way. I'm not worried though. I think if the file was a real threat to a system, it would most likely be detected by my WG, TDS-3, PG and NOD32. :)
     
  3. steverio

    steverio Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    161
    Further update:

    It seems it's a one-man show here but I'm happy to announce that the problem with the WG .eml blocked file that was opening up as an attachment without WG restriction in securebat is corrected. I decided to re-install sb which seemed to correct the problem. WG now functions in sb restricting .eml file execution. I had also changed PG in learning mode and added sb to the apps before I tested.

    Note: When the .eml file was being allowed to open in sb, it did warn me upon opening potentially dangerous attachments and then let me decide if I should scan/check it out first. Now that things are working again WG is beating sb to the punch in displaying a warning.
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Gosh, i was sound asleep during your one-man show, sorry i missed the live version, fortunately i can read the replay. That's with those international time zones eh?
    Anyway, glad you solved it. Could have thought the email attachment could have been something like email.eml.zip which would have given a double extension warning and one for the zip and i would expect one for the blocked eml if you went on trying to open it. But you solved it in the meantime.
    It looks deeper into the source of the attachment itself too.
     
Thread Status:
Not open for further replies.