Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 979

Appendix E: Log Entries

SMTP:EXPLOIT:MIME-TOOLS-EVADE
medium, sos5.1.0
This signature detects attempts to evade antivirus tools such as MIME Tools, a Linux-based e-mail MIME scanner. The MIME RFC allows for an empty boundary, but almost all mail clients use one, while many viruses do not.

SMTP:EXT:DOT-386
medium, sos5.1.0
This signature detects e-mail attachments that have the extension .386 and were sent via SMTP. Because .386 (Windows Enhanced Mode Driver) files can contain executable code, this may indicate an incoming e-mail virus. Attackers may create malicious executables, tricking users into executing the file and infecting the system.

SMTP:EXT:DOT-ADE
medium, sos5.1.0
This signature detects e-mail attachments that have the extension .ade and were sent via SMTP. Because .ADE (Microsoft Access Project Extension) files can contain macros, this may indicate an incoming e-mail virus. Attackers may create malicious scripts, tricking users into executing the macros and infecting the system.

SMTP:EXT:DOT-ADP
medium, sos5.1.0
This signature detects e-mail attachments that have the extension .adp and were sent via SMTP. Because .ADP (Microsoft Access Project) files can contain macros, this may indicate an incoming e-mail virus. Attackers may create malicious scripts, tricking users into executing the macros and infecting the system.

SMTP:EXT:DOT-BAS
medium, sos5.1.0
This signature detects e-mail attachments that have the extension .bas and were sent via SMTP. Because .BAS (Microsoft Visual Basic Class Module) files contain executable code, this may indicate an incoming e-mail virus. Attackers may create malicious executables, tricking users into executing the file and infecting the system.

SMTP:EXT:DOT-BAT
medium, sos5.1.0
This signature detects e-mail attachments with the extension '.bat' sent via SMTP. This may indicate an incoming e-mail virus. .BAT files (executable files) contain one or more scripts. Attackers may create malicious executables, tricking the user into executing the file and infecting the system.

SMTP:EXT:DOT-CHM
medium, sos5.1.0
This signature detects e-mail attachments that have the extension .chm and were sent via SMTP. Because .CHM (Compiled HTML Help File) files can contain scripts, this may indicate an incoming e-mail virus. Attackers may create malicious scripts, tricking users into executing the files and infecting the system.

SMTP:EXT:DOT-CMD
medium, sos5.1.0
This signature detects e-mail attachments with the extension '.cmd' sent via SMTP. This may indicate an incoming e-mail virus. CMD files contain commands that, when executed, can cause significant damage to a Windows system.

Copyright © 2010, Juniper Networks, Inc.