Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 954

Network and Security Manager Administration Guide
SMTP:EXT:DOT-COM
SMTP:EXT:DOT-CPL
SMTP:EXT:DOT-CRT
SMTP:EXT:DOT-EXE
SMTP:EXT:DOT-GRP
SMTP:EXT:DOT-HLP
SMTP:EXT:DOT-HT
SMTP:EXT:DOT-INF
904
This signature detects e-mail attachments with the
extension '.com' sent via SMTP. This may indicate an
incoming e-mail virus. .COMs (executable files) contain one
or more scripts. Attackers may create malicious executables,
tricking the user into executing the file and infecting the
system.
This signature detects e-mail attachments with the
extension '.cpl' sent via SMTP. This may indicate an incoming
e-mail virus. CPLs (Control Panel eLements) are standard
Microsoft Windows files that contain Windows Control Panel
settings. Attackers may hide malicious executables within
a CPL file, tricking users into executing the file and infecting
the system.
This signature detects e-mail attachments that have the
extension .crt and sent received via SMTP. Because .CRTs
(Security Certificate) files can contain executable code, this
may indicate an incoming e-mail virus. Attackers may create
malicious executable code, tricking users into executing the
file and infecting the system.
This signature detects e-mail attachments with the
extension '.exe' sent via SMTP. This may indicate an incoming
e-mail virus. .EXEs (executable files) contain one or more
scripts. Attackers may create malicious executables, tricking
the user into executing the file and infecting the system.
This signature detects GRP files sent over SMTP. GRP files
can contain Windows Program Group information, and may
be exploited by malicious users to deposit instructions or
arbitrary code on a target's system. User involvement is
required to activate GRP files; typically they are attached to
a harmless-appearing e-mail message.
This signature detects e-mail attachments that have the
extension .hlp and sent received via SMTP. Because .HLPs
(Help File) files can contain macros, this may indicate an
incoming e-mail virus. Attackers may create malicious
scripts, tricking users into executing the macros and infecting
the system.
This signature detects e-mail attachments with the
extension '.ht' sent via SMTP. This may indicate an incoming
e-mail virus or other attack. HT files contain configuration
information for the Hyperterm console program, shipped
with every Windows operating system since Windows 95. It
is the default handler program for .ht files. A recent
vulnerability in Hyperterm could allow an attacker to take
control of your computer via an infected .ht file. These files
are not normally sent via e-mail.
This signature detects e-mail attachments that have the
extension .inf and were sent via SMTP. Because .INFs (Setup
Information) files contain scripts, this may indicate an
incoming e-mail virus. Attackers may create malicious
scripts, tricking users into executing the file and infecting the
system.
medium sos5.1.0
medium sos5.1.0
low sos5.1.0
medium sos5.1.0
medium sos5.1.0
medium sos5.1.0
medium sos5.1.0
medium sos5.1.0
Copyright © 2010, Juniper Networks, Inc.