Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 967

POP3:EXT:DOT-BAS
POP3:EXT:DOT-BAT
POP3:EXT:DOT-CHM
POP3:EXT:DOT-CMD
POP3:EXT:DOT-COM
POP3:EXT:DOT-CPL
POP3:EXT:DOT-CRT
POP3:EXT:DOT-EXE
Copyright © 2010, Juniper Networks, Inc.
This signature detects e-mail attachments that have the
extension .bas and were received via POP3. Because .BASs
(Microsoft Visual Basic Class Module) files contain
executable code, this may indicate an incoming e-mail virus.
Attackers may create malicious executables, tricking users
into executing the file and infecting the system.
This signature detects e-mail attachments with the
extension '.bat' received via POP3. This may indicate an
incoming e-mail virus. .BATs (executable files) contain one
or more scripts. Attackers may create malicious executables,
tricking the user into executing the file and infecting the
system.
This signature detects e-mail attachments that have the
extension .chm and were received via POP3. Because .CHMs
(Compiled HTML Help File) files can contain scripts, this
may indicate an incoming e-mail virus. Attackers may create
malicious scripts, tricking users into executing the files and
infecting the system.
This signature detects e-mail attachments with the
extension '.cmd' sent via POP3. This may indicate an
incoming e-mail virus. CMD files contain commands that
when executed can cause significant damage to a windows
system.
This signature detects e-mail attachments with the
extension '.com' received via POP3. This may indicate an
incoming e-mail virus. .COMs (executable files) contain one
or more scripts. Attackers may create malicious executables,
tricking the user into executing the file and infecting the
system.
This signature detects e-mail attachments with the
extension '.cpl' received via POP3. This may indicate an
incoming e-mail virus. CPLs (Control Panel eLements) are
standard Microsoft Windows files that contain Windows
Control Panel settings. Attackers may hide malicious
executables within a CPL file, tricking users into executing
the file and infecting the system.
This signature detects e-mail attachments that have the
extension .crt and were received via POP3. Because .CRTs
(Security Certificate) files can contain executable code, this
may indicate an incoming e-mail virus. Attackers may create
malicious executable code, tricking users into executing the
file and infecting the system.
This signature detects e-mail attachments with the
extension '.exe' sent via POP3. This may indicate an incoming
e-mail virus. EXEs (Executable files) contain one or more
scripts. Attackers may create malicious executables, tricking
the user into executing the file and infecting the system.
Appendix E: Log Entries
low sos5.1.0
medium sos5.1.0
high sos5.1.0
high sos5.1.0
medium sos5.1.0
medium sos5.1.0
high sos5.1.0
high sos5.1.0
917