Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 961

POP3:EXT:DOT-VBE
POP3:EXT:DOT-VBS
POP3:EXT:DOT-WMF
POP3:EXT:DOT-WSC
POP3:EXT:DOT-WSF
POP3:EXT:DOT-WSH
POP3:EXT:DOT-ZIP
Copyright © 2010, Juniper Networks, Inc.
This signature detects e-mail attachments with the
extension .vbe received via POP3. This may indicate an
incoming e-mail virus. .VBEs (VBScript Encoded Script File)
contain scripts. Attackers may create malicious scripts,
tricking the user into executing the file and infecting the
system.
This signature detects e-mail attachments with the
extension '.vbs' sent via POP3. This may indicate an incoming
e-mail virus. VBSs (Visual Basic files) contain one or more
executable scripts. Attackers may create malicious VB files,
tricking the user into executing the file and infecting the
system.
This signature detects Metafiles files sent over POP.
Windows Metafiles and Enhanced Metafiles files can exploit
a Windows GDI vulnerability and may be exploited by
malicious users to deposit instructions or arbitrary code on
a target's system. User involvement is required to activate
Metafiles; typically they are attached to a
harmless-appearing e-mail message.
This signature detects e-mail attachments with the
extension .wsc received via POP3. This may indicate an
incoming e-mail virus. .WSCs (Windows Script Component)
contain scripts. Attackers may create malicious scripts,
tricking the user into executing the file and infecting the
system.
This signature detects e-mail attachments with the
extension .wsf received via POP3. This may indicate an
incoming e-mail virus. .WSFs (Windows Script File) contain
scripts. Attackers may create malicious scripts, tricking the
user into executing the file and infecting the system.
This signature detects e-mail attachments with the
extension .wsh received via POP3. This may indicate an
incoming e-mail virus. .WSHs (Windows Script Host Settings
File) contain configuration parameters. Attackers may create
malicious configurations, tricking the user into executing the
file and infecting the system.
This signature detects e-mail attachments with the
extension .zip received using POP3. This may indicate an
incoming e-mail virus. Zip files are compressed files that can
contain one or more executables. Attackers may compress
malicious executables within a .zip file, tricking unsuspecting
users into executing the file and infecting the system.
Because Zip files are frequently used for non-malicious
purposes, this signature can generate false positives. As a
general network security precaution, ensure that all users
are aware of the dangers of sending and receiving binary
files in e-mail attachments.
Appendix E: Log Entries
high sos5.1.0
high sos5.1.0
medium sos5.1.0
high sos5.1.0
high sos5.1.0
high sos5.1.0
low sos5.1.0
911