Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 968

Network and Security Manager Administration Guide
POP3:EXT:DOT-GRP
POP3:EXT:DOT-HLP
POP3:EXT:DOT-HT
POP3:EXT:DOT-HTA
POP3:EXT:DOT-INF
POP3:EXT:DOT-INS
POP3:EXT:DOT-ISP
918
This signature detects GRP files sent over POP3. GRP files
can contain Windows Program Group information, and may
be exploited by malicious users to deposit instructions or
arbitrary code on a target's system. User involvement is
required to activate GRP files; typically they are attached to
a harmless-appearing e-mail message.
This signature detects e-mail attachments that have the
extension .hlp and were received via POP3. Because .HLPs
(Help File) files can contain macros, this may indicate an
incoming e-mail virus. Attackers may create malicious
scripts, tricking users into executing the macros and infecting
the system.
This signature detects e-mail attachments with the
extension '.ht' sent via POP3. This may indicate an incoming
e-mail virus or other attack. HT files contain configuration
information for the Hyperterm console program, shipped
with every Windows operating system since Windows 95. It
is the default handler program for .ht files. A recent
vulnerability in Hyperterm could allow an attacker to take
control of your computer via an infected .ht file. These files
are not normally sent via e-mail.
This signature detects e-mail attachments with the
extension .hta received using POP3. This may indicate an
incoming e-mail virus. HTA files are HTML application files
that can be executed by a web browser. Generally, HTA files
are not sent via e-mail. As a general network security
precaution, ensure that all users are aware of the dangers
of sending and receiving binary files in e-mail attachments.
This signature detects e-mail attachments that have the
extension .inf and were received via POP3. Because .INFs
(Setup Information) files contain scripts, this may indicate
an incoming e-mail virus. Attackers may create malicious
scripts, tricking users into executing the file and infecting the
system.
This signature detects e-mail attachments that have the
extension .ins and were received via POP3. Because .INSs
(Internet Naming Service) files contain configuration
parameters, this may indicate an incoming e-mail virus.
Attackers may include malicious configurations, tricking
users into executing the file and infecting the system.
This signature detects e-mail attachments that have the
extension .isp and were received via POP3. Because .ISPs
(Internet Communication Settings) files contain
configuration parameters, this may indicate an incoming
e-mail virus. Attackers may include malicious configurations,
tricking users into executing the file and infecting the system.
medium sos5.1.0
high sos5.1.0
medium sos5.1.0
medium sos5.1.0
medium sos5.1.0
high sos5.1.0
high sos5.1.0
Copyright © 2010, Juniper Networks, Inc.