Catch Suspicious Extensions [January 11, 2009]
Jan. 15, 2009, 11:21 AM
Post: #15
RE: Catch Suspicious Extensions [January 11, 2009]
The filter for taking extensions is done:
Code:
[HTTP headers]
In = FALSE
Out = TRUE
Key = "! : Take extension {ln}090116 (out)"
URL = "$SET(path=\p)$TST(path=([^/]+/)+([^.]+.([^.]+)\1)+)$SET(path=)$SET(Extension=\1)$LOG(w$DTM(c): Extension: $GET(Extension))"

I think your filters above could be summarized as the following matching code, working together with the extension-taking filter:
Code:
$TST(extension=(hta|e(ml|xe)|hlp|jse|lnk|url|ba(s|t)|c(om|md)|vb(e|s|)|s(cr|hs)|p(if|cd)|a(d(e|p)|nr)|c(hm|pl|rt)|i(ns|sp)|m(d(b|e)|s(c|i|p|t))|ws(f|h|c)))$LOG(R$DTM(c): Suspicious extension in \h\p)$CONFIRM(SUSPICIOUS FILE EXTENSION FOUND\n\nBlock connection to the URL below?\n\n\u\n)
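The same check outside Proxomitron, as an added Python example that is not part of the original post: it reuses the post's extension alternation (which is also valid Python regex syntax) against the extension of a URL's last path segment. The function names, the sample URLs, and the choices to inspect only the path and to match the whole extension case-insensitively are assumptions of this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Alternation copied from the post's $TST(extension=...) test.
SUSPICIOUS = re.compile(
    r"(hta|e(ml|xe)|hlp|jse|lnk|url|ba(s|t)|c(om|md)|vb(e|s|)|s(cr|hs)|p(if|cd)"
    r"|a(d(e|p)|nr)|c(hm|pl|rt)|i(ns|sp)|m(d(b|e)|s(c|i|p|t))|ws(f|h|c))",
    re.IGNORECASE,  # assumption of this example: ".EXE" counts like ".exe"
)


def url_extension(url):
    """Return the text after the last dot of the last path segment, or ''."""
    # Only the path is inspected, so the host's ".com" and anything in the
    # query string or fragment never count as a file extension.
    path = unquote(urlsplit(url).path)  # decode %2E and similar first
    name = path.rsplit("/", 1)[-1].rstrip(". ")  # "tool.exe." -> "tool.exe"
    return name.rsplit(".", 1)[1] if "." in name else ""


def suspicious_extension(url):
    """Return the lower-cased extension if it is on the list, else None."""
    ext = url_extension(url)
    # fullmatch: "msix" must not pass just because it starts with "msi";
    # the whole extension has to be one of the alternatives.
    if ext and SUSPICIOUS.fullmatch(ext):
        return ext.lower()
    return None


# Constructed sample URLs (not from the thread).
SAMPLES = [
    "http://example.test/files/setup.EXE?id=1",
    "http://example.test/docs/invoice.pdf.scr",
    "http://example.test/a/report%2Evbs",
    "http://downloads.example.com/",
    "http://example.test/pkg/app.msix",
]

if __name__ == "__main__":
    for url in SAMPLES:
        hit = suspicious_extension(url)
        label = f"SUSPICIOUS {hit}" if hit else "ok"
        print(f"{label:<16} {url}")
```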


Messages In This Thread
RE: Catch Suspicious Extensions [April 21, 2008] - Guest - Aug. 27, 2008, 09:21 PM
RE: Catch Suspicious Extensions [January 11, 2009] - lnminente - Jan. 15, 2009 11:21 AM