Network Security: Detailed info on Re: [ISSForum] ISSForum Digest, Vol 28, Issue 9

Subject:	Re: [ISSForum] ISSForum Digest, Vol 28, Issue 9
Date:	Tue, 23 May 2006 09:58:05 -0400

Here is help info from the PAM help file found in KB Article 2190:

Email_Executable_Extension

Description

This signature detects an email attachment that has one of the following
extensions: 386, ADE, ADP, BAS, BAT, CHM, CMD, COM, CPL, CRT, DLL, DOT,
EXE, HLP, HTA, HTML, HTM, INF, INS, ISP, JS, JSE, LNK, MDE, MSC, MSI,
MSP, MST, OCX, PCD, PIF, POT, REG, RTF, SCR, SCT, SEA, SHB, SHS, SYS,
URL, VB, VBE, VBS, WSC, WSF, WSH, XLT.

You can add more extensions or remove those of your choice.  The tuning
parameters, also found in KB 2190 help file, are:

pam.email.executable.extension.blacklist
pam.email.executable.extension.whitelist

These parameters are configured in the Global Tuning Parameters of the
policy editor.  To "whitelist" .html files from inspection in email
attachments, add the following entry:

pam.email.executable.extension.whitelist=html

PAM Help File:
https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid
=2190

Tuning Parameters for Email_Executable_Extension:

https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid
=3339


Hope this helps,
Jason

 
Confidentiality Notice: The contents of this email, all related
responses and any files and/or attachments transmitted with it are
CONFIDENTIAL and are intended solely for the use of the individual or
entity to whom they are addressed. This email may contain legally
privileged information and may not be disclosed or forwarded to anyone
else without authorization from the originator of this email. If you
have received this email in error, please notify the sender immediately
and delete all copies from your system.

-----Original Message-----
From: issforum-bounces@atla-mm1.iss.net On Behalf Of Bill Wharton
Sent: Monday, May 22, 2006 3:07 PM
To: issforum@atla-mm1.iss.net
Subject: Re: [ISSForum] ISSForum Digest, Vol 28, Issue 9

My proventia-G appliance has started blocking HTML attachments. Has
anybody seen this behavior?



-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On
Behalf Of issforum-request@iss.net
Sent: Wednesday, May 17, 2006 12:00 PM
To: issforum@iss.net
Subject: ISSForum Digest, Vol 28, Issue 9

Send ISSForum mailing list submissions to
        issforum@iss.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://atla-mm1.iss.net/mailman/listinfo/issforum
or, via email, send a message with subject or body 'help' to
        issforum-request@iss.net

You can reach the person managing the list at
        issforum-owner@iss.net

When replying, please edit your Subject line so it is more specific than
"Re: Contents of ISSForum digest..."


Today's Topics:

   1. Pam.tcpprobe.issueID.portN filter (Soldatov, Sergey V.)


----------------------------------------------------------------------

Message: 1
Date: Tue, 16 May 2006 18:08:07 +0400
From: "Soldatov, Sergey V." <SVSoldatov@tnk-bp.com>
Subject: [ISSForum] Pam.tcpprobe.issueID.portN filter
To: <issforum@iss.net>
Message-ID: <ATLMAIEXCP07n5VSSFc000482fb@atlmaiexcp07.iss.local>
Content-Type: text/plain;       charset="us-ascii"

Hi,
Does anybody know if it's possible to create event filters for
user-defined TCP_Probe_* signatures?
I have a lot of signatures created by pam.tcpprobe.<issueID>.<portN>
param. Is event filter configured for that signatures working? Now I'm
not sure, because sometimes it seems that filters are working and
sometimes not.

Thanks.

---
Best regards, Sergey V. Soldatov.
Information security department.




------------------------------

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

TO CONTACT THE ISSForum MODERATOR, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

End of ISSForum Digest, Vol 28, Issue 9
***************************************

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ISSForum] ISSForum Digest, Vol 28, Issue 9, Bill Wharton Re: [ISSForum] ISSForum Digest, Vol 28, Issue 9, Reed, Jason \(ISS Texas\) <=

Previous by Date:	[ISSForum] UDP_Syslogd_BO, Soldatov, Sergey V.
Next by Date:	[ISSForum] Integration Realsecure, João Paulo Lins
Previous by Thread:	Re: [ISSForum] ISSForum Digest, Vol 28, Issue 9, Bill Wharton
Next by Thread:	[ISSForum] UDP_Syslogd_BO, Soldatov, Sergey V.
Indexes:	[Date] [Thread] [Top] [All Lists]