10-26-2016 04:51 AM
Hello, I am getting lot of files (worms) through smtp as vbs file which are put to zip file. This zip file is not encrypted. How can I block this threat.?
11-03-2016 12:59 PM
@PaloAlto
How do we request .vbs file extensions be added to the list of known file types within the file blocking function? VBE files are available but we're seeing the VBS extension.
Thanks!
11-03-2016 02:53 PM
Hi!
I believe that we don't support file type, because it does not have a special magic number to identify the content of the file as VBS. If we use the "file" command in a linux box for a VBS file type, we get the following result:
"ASCII text, with CRLF line terminators"
It would be great if you can open a TAC case and provide a zipped file (password protected - important!) containing VBS. A threat specialist can look into this and may be, we could create an IPS signature to detect VBS file within a zipped file.
Best regards,
Haytham
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
