What appears below was extracted from here: http://www.symantec.com/avcenter/venc/data/w32.frethem.a@mm.html OK, so my question is can I use wild cards to identify file names (including the extension) in WormGuard's Blocked-List Editor? For example, could I use www..freedesktopthemes*.* in this particular case? I mean, I know that I can because I did it and WormGuard didn't reject it, but will it achieve the desired objective is really what I'm asking? (I've never been a morning person!) Thanks.
I don't see it in the WG help file; just thinking you must be able to test such a thing by creating a test file with such a name with Notepad, for instance. If you make a blocking for that name, create freedesktopthemes12345.vbs and put inside it a text like this: Msgbox "This is a VBS script running" "delete file" (this line might cause problems, so you can leave it out or make it look real with a word like "Infect file", as WG loves to block such warnings). As you have this blocked, freedesktopthemes*.* (make one extra without that www. in the name), see what happens if you click that newly created test file; if it runs, the message box pops up; if it is blocked, WG will give a message. With that, in case you can run it, it could be that the *.* is not working, and at least you then know for sure whether it does or not. Good luck.
I did a test and test*.vbs and test* both failed to catch my testXXX.vbs file so I don't think wild cards are supported. I bet it isn't too late to ask for that in WG4 though. I'll pose this question in the private forum.
Thanks Jooske and Unicron for your responses. I had a gut feeling that WG's Block-List Editor would not support wild cards, but I was encouraged when the addition of the file name containing the wild cards was not rejected by WG. I should have thought of testing it myself but, as I said, I'm not a morning person and it simply didn't occur to me. In any event, I have requested in the private forum that the addition of this feature be considered for WG4. Thanks again. PS. Sorry about the toilet paper thing in the other thread Jooske. Must be Canadian humour since AH got a chuckle out of it too.
Nothing to be sorry for, you can at least wipe off your tears of laughter with it? Glad to be of help!
The idea of creating your own signature files in WormGuard has been thought of. I was thinking of just taking the virus lists from other software and adding the names to WormGuard. What we need is a program that can generate all possible combinations of names and add that to the signature databases.
At this moment you can do all that if you like, the adding of names I mean, but the wildcards will not be working yet. I don't see the real need, as the executables are but a relative few extensions at the moment, but as you would not like to block, for instance, all *.exe files, you would certainly not put those in the blocked extensions list, but in certain combinations of infections; same with others. But it doesn't just look at names; it has other ways of detection, so don't worry too much about this point. Do you run WG as well, Controler? Did you think of/try putting the URL in your HOSTS file and pointing it to your local host? There is so much written about HOSTS file(s) in other parts of this board, there will certainly be good answers on how to. Just as an extra prevention, which you can of course use for more sites you want to block.
It has been confirmed by Wayne that wildcards will either be functional in the WG4 release, or in an update if they choose to give WG4 out before adding some of the wish list stuff. So there ya have it BC.
Well, thank you so much AH. The folks at DiamondCS are just sooooooooo... accommodating. Now, if they could only make WG's GUI a little more user friendly. There's just no pleasing some people, is there!!!