
File types that can be bypassed during virus scans

 
Virus Guy




(Msg. 1) Posted: Thu Feb 17, 2005 10:07 am
Post subject: File types that can be bypassed during virus scans
Archived from groups: alt>comp>anti-virus

Can the following file types pose a threat to systems running Win-98
if they are indeed viral but are bypassed during virus scans:

*.jpg
*.gif
*.tif
*.bmp
*.txt
*.cdr (corel draw files)
*.crw (raw image files for Canon digital cameras)
*._dd (checkdisk or ndd file fragments)
*.pdf
*.hlp
*.mdb
*.xls (if running Office 2000 Premium SR1 fully updated via
micro$loth's office update, what threats do .xls or .doc
files pose at this point? Powerpoint files?)
*.mix (microsoft photo-draw picture?)
*.mpg (any known vulnerability in .mpeg, .mov, or .avi files?)
*.avi
*.mov
*.cab
*.wav

I know that any virus or trojan can be packaged or stored in any file
with any file extension, and that files with extensions com, exe, scr,
vbs, etc mean something very specific when handed over to the OS (like
execution vs opening with a linked viewer).

For example, if a .txt file is viral, and if it is "activated" by some
means (double-clicking on it, or auto-opening in a preview pane in
Outlook, etc) then in the case of .txt files that activation usually
means to open it in wordpad or notepad. So can a viral payload in a
.TXT file be activated by opening with the standard viewer?

I pose the same question for all the above file types. Can activation
or opening of any of the above with the standard viewing or linked
program cause an imbedded viral payload to be run or executed?

If the answer depends on the OS, then the OS in question is Win 98se
running MS office 2000 Premium SR1.

(don't bother to reply if your answer is to simply scan all files,
because that tells me nothing about how to configure NAV to bypass
files that pose no threat but can tremendously increase system scan
times needlessly).

David H. Lipman




(Msg. 2) Posted: Thu Feb 17, 2005 3:54 pm
Post subject: Re: File types that can be bypassed during virus scans
Archived from groups: per prev. post

*.jpg <--- Yes
*.gif <-- No
*.tif <-- No
*.bmp <-- No
*.txt <-- No
*.cdr (corel draw files) <-- No
*.crw (raw image files for Canon digital cameras) <-- No
*._dd (checkdisk or ndd file fragments) <-- No
*.pdf <-- Yes
*.hlp <-- Yes
*.mdb <-- Yes
*.xls (if running Office 2000 Premium SR1 fully updated via
micro$loth's office update, what threats do .xls or .doc
files pose at this point? Powerpoint files?)
*.mix (microsoft photo-draw picture?) <-- Yes
*.mpg (any known vulnerability in .mpeg, .mov, or .avi files?) <-- No
*.avi <-- No
*.mov <-- No
*.cab <-- Yes
*.wav <-- No

The following is the McAfee ENGINE v4400 Default File extension scan list...

DL? EX? ACM ADE ADP ADT AP? ASA ASD ASP AX? B64 BA? BIN BMP

BO? CGI CC? CDX CEO CHM CLA CMD CNV CO? CPL CPT CPY CRT CSC

CSS DAT DEV DOC DOT DRV EE? EFV EML FDF FMT FO? FPH FPW GWI

HDI HHT HLP HT? HWD IM? IN? ISP ITS JAR JP? JS? LGP LNK LWP

LIB M3U MBR MB0 MB1 MB2 MD? MHT MOD MPD MRC MS? NEW NWS OB?

OC? OL? OV? PCD PCI PD? PF? PHP PI? PLG PRC QLB QPW QTC RAR

REG RMF RTF SCR SCT SH? SIS SMM SPL SRF SYS SWF TFT TLB TSP

VBS VB? VVV VWP VXD URL UNP WIZ WMV WP? WRL WRZ WS? X32 XML

XRF XSL XTP XX? ZI? Z0M ZL? ZZZ 001 002 386 3GR {?? ACE ARC

ARJ BZ? CAB COM EXE ICE LZH NAP PPZ TAR TAZ TBZ TD0 ZIP Z??

GZ? TGZ ??_ DO? XL? CDR CSV D?B DIF DQY GF? GIM GIX GMS GNA

GW? ICS IQY MPP MPT MSG MSO OLE OTM PDF POT PP? PWZ QQY RQY

SKV SLK UUU VS? WBK WRI


BTW: Office 2000 is at SP3 level.

--
Dave




"Virus Guy" <Virus.TakeThisOut@Guy.com> wrote in message news:4214B340.63B711ED@Guy.com...
| Can the following file types pose a threat to systems running Win-98
| if they are indeed viral but are bypassed during virus scans:
|
| *.jpg
| *.gif
| *.tif
| *.bmp
| *.txt
| *.cdr (corel draw files)
| *.crw (raw image files for Canon digital cameras)
| *._dd (checkdisk or ndd file fragments)
| *.pdf
| *.hlp
| *.mdb
| *.xls (if running Office 2000 Premium SR1 fully updated via
| micro$loth's office update, what threats do .xls or .doc
| files pose at this point? Powerpoint files?)
| *.mix (microsoft photo-draw picture?)
| *.mpg (any known vulnerability in .mpeg, .mov, or .avi files?)
| *.avi
| *.mov
| *.cab
| *.wav
|
| I know that any virus or trojan can be packaged or stored in any file
| with any file extension, and that files with extensions com, exe, scr,
| vbs, etc mean something very specific when handed over to the OS (like
| execution vs opening with a linked viewer).
|
| For example, if a .txt file is viral, and if it is "activated" by some
| means (double-clicking on it, or auto-opening in a preview pane in
| Outlook, etc) then in the case of .txt files that activation usually
| means to open it in wordpad or notepad. So can a viral payload in a
| .TXT file be activated by opening with the standard viewer?
|
| I pose the same question for all the above file types. Can activation
| or opening of any of the above with the standard viewing or linked
| program cause an imbedded viral payload to be run or executed?
|
| If the answer depends on the OS, then the OS in question is Win 98se
| running MS office 2000 Premium SR1.
|
| (don't bother to reply if your answer is to simply scan all files,
| because that tells me nothing about how to configure NAV to bypass
| files that pose no threat but can tremendously increase system scan
| times needlessly).

James Egan




(Msg. 3) Posted: Fri Feb 18, 2005 12:38 am
Post subject: Re: File types that can be bypassed during virus scans
Archived from groups: per prev. post

On Thu, 17 Feb 2005 15:54:23 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>BTW: Office 2000 is at SP3 level.

FYI O2KSP2 silently screws some pirate versions of O2K which SP1
doesn't. From a virus point of view there is a bug in SP1 and earlier
versions which will allow some macros to run automatically without
being challenged (by the "ask" default settings). Other than that if
he sticks with sp1 he should be fine.


Jim.
David H. Lipman




(Msg. 4) Posted: Fri Feb 18, 2005 12:49 am
Post subject: Re: File types that can be bypassed during virus scans
Archived from groups: per prev. post

Thanx for that James !

--
Dave




"James Egan" <jegan.DeleteThis@jegan.com> wrote in message
news:5jda11lc0kuau9hm83230ahf0ujftdktci@4ax.com...
| On Thu, 17 Feb 2005 15:54:23 GMT, "David H. Lipman"
| <DLipman~nospam~@Verizon.Net> wrote:
|
| >BTW: Office 2000 is at SP3 level.
|
| FYI O2KSP2 silently screws some pirate versions of O2K which SP1
| doesn't. From a virus point of view there is a bug in SP1 and earlier
| versions which will allow some macros to run automatically without
| being challenged (by the "ask" default settings). Other than that if
| he sticks with sp1 he should be fine.
|
|
| Jim.
|