Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Discussions about the Application Boundaries Enforcer (ABE) module
ruy.benton
Junior Member
Posts: 21
Joined: Sat Aug 29, 2015 6:01 pm

Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by ruy.benton » Sat Aug 29, 2015 6:37 pm

Thank you, Great software,

Firefox -> Mac, Linux, W$N

Most viruses and malware enter via the browser. :evil:

I'm trying to block all malicious code.
Anti-Virus tests the .ext of the files.

I'm trying to block:
.exe, .bat, .dll, .sh, .dmg, .cmd, .cpl, .lnk, .pif, .scr, .vbs, .vbe, .vb, .ws, .wsc, .wsf, .msi, .dll, .reg, .jse, .bas, .chm, .scf, .sct

What is the procedure?

And to protect Firefox ... .XPI?
But he don't update ?

Thanks for your comments

Kind regards,
FreeBSD, OpenBSD, NetBSD, Solaris, Linux Administrator
IBM Mainframe
MacOSX
Cisco
Hacker, Cracker - 680XX,
Data Recover - Disks, Tapes
Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0

barbaz
Senior Member
Posts: 9323
Joined: Sat Aug 03, 2013 5:45 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by barbaz » Sat Aug 29, 2015 7:04 pm

With NoScript?

Code:

Site ^(?:[0-9A-Za-z-]+tps?|wss)://.*\.(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct)
Deny INC

(that's supposed to be all one line until Deny INC but the forum is breaking it up for some weird reason.)

If you don't even want to be able to download these manually/yourself, change Deny INC to just Deny

EDIT oops, forgot to say what to do with that code
NoScript Options > Advanced > ABE > USER
paste that in

EDIT2 fix: apply to files served over secure transfer protocols
*Always* check the changelogs BEFORE updating that important software!
-

ruy.benton
Junior Member
Posts: 21
Joined: Sat Aug 29, 2015 6:01 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by ruy.benton » Sun Aug 30, 2015 12:06 am

barbaz wrote:With NoScript?

Code:

Site ^(?:[0-9A-Za-z-]+tp|wss)://.*\.(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct)
Deny INC

(that's supposed to be all one line but the forum is breaking it up for some weird reason.)

If you don't even want to be able to download these manually/yourself, change Deny INC to just Deny

EDIT oops, forgot to say what to do with that code
NoScript Options > Advanced > ABE > USER
paste that in


Yes in NoScript

Since this block most of the virus ... put your code in FAQ?

Add this to about:config noscript.ABE.rulesets.Block_Files
and add your code

Thank you for your code and comments
Ruy
FreeBSD, OpenBSD, NetBSD, Solaris, Linux Administrator
IBM Mainframe
MacOSX
Cisco
Hacker, Cracker - 680XX,
Data Recover - Disks, Tapes
Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0

barbaz
Senior Member
Posts: 9323
Joined: Sat Aug 03, 2013 5:45 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by barbaz » Sun Aug 30, 2015 2:49 am

My apologies, I worded part of my last post badly, please check the next edit

ruy.benton wrote:Since this block most of the virus ... put your code in FAQ?

Maybe - this is up to Giorgio. I don't think this is exactly a frequently asked question though (note that I did not know enough to even come up with the idea until reading & replying your post), but what do I know ;)
Anyway, can you please expand on that suggestion a little:
1) What question would you suggest that is understandable to even average users to which this is the answer?
2) What evidence do you have for that those file extensions are "most" of online virus? I personally have heard that it's exploits of plugins (e.g. Flash) that result in viruses, this is the first I've heard that can loading these type files to cause virus...

ruy.benton wrote:Add this to about:config noscript.ABE.rulesets.Block_Files
and add your code

No reason to create another ruleset for a rule like that. Just put it at the *very top* of USER. It's the same effect & (I think) more performance efficient than creating another ruleset because ABE processes each ruleset independently, why make it process more than needed for what will be a Deny?

ruy.benton wrote:Thank you for your code and comments

You're welcome
*Always* check the changelogs BEFORE updating that important software!
-

ruy.benton
Junior Member
Posts: 21
Joined: Sat Aug 29, 2015 6:01 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by ruy.benton » Sun Aug 30, 2015 3:52 pm

barbaz wrote:(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct)

line 3:6 no viable alternative at character '?'

barbaz wrote:Maybe - this is up to Giorgio. I don't think this is exactly a frequently asked question though (note that I did not know enough to even come up with the idea until reading & replying your post), but what do I know ;)

Well this is my work, all day ... Servers, Computers, security and delete virus and worms ... if NoScript help ... Thank you.

barbaz wrote: Anyway, can you please expand on that suggestion a little:
1) What question would you suggest that is understandable to even average users to which this is the answer?


Simple - My computer is free - Virus, Worms ... and 1000 computers I Admin and setup :lol:

barbaz wrote: 2) What evidence do you have for that those file extensions are "most" of online virus? I personally have heard that it's exploits of plugins (e.g. Flash) that result in viruses, this is the first I've heard that can loading these type files to cause virus...


In Linux, MacOSX, W$n and many other O.S.

1 - The Anti-Virus check all files, WE or the Browser Download in ForeG. or Background ... If I have a blocker for most files ... great :D
2- /etc/hosts, resolv The root own and is read only ... I check everyday the file.
Firefox - Proxy - > I check everyday
3 - Scripts - > NoScript block most of invasions
Flash and other plugins - > in the final stage (infection) ... they Download files -> O.S. - DLL, SH, EXE, DMG ...

barbaz wrote: ... more performance efficient than creating another ruleset because ABE processes each ruleset independently, why make it process more than needed for what will be a Deny?

Thank ... save the advice


And to protect Firefox ... .XPI?

Kind Regards,
Ruy
FreeBSD, OpenBSD, NetBSD, Solaris, Linux Administrator
IBM Mainframe
MacOSX
Cisco
Hacker, Cracker - 680XX,
Data Recover - Disks, Tapes
Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0

barbaz
Senior Member
Posts: 9323
Joined: Sat Aug 03, 2013 5:45 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by barbaz » Sun Aug 30, 2015 4:20 pm

ruy.benton wrote:
barbaz wrote:(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct)

line 3:6 no viable alternative at character '?'

Yeah, sorry, that's supposed to be on the same line as the Site line. That's what I meant by my comment about the forum breaking it up.

ruy.benton wrote:
barbaz wrote:Maybe - this is up to Giorgio. I don't think this is exactly a frequently asked question though (note that I did not know enough to even come up with the idea until reading & replying your post), but what do I know ;)

Well this is my work, all day ... Servers, Computers, security and delete virus and worms ... if NoScript help ... Thank you.

barbaz wrote: Anyway, can you please expand on that suggestion a little:
1) What question would you suggest that is understandable to even average users to which this is the answer?


Simple - My computer is free - Virus, Worms ... and 1000 computers I Admin and setup :lol:

barbaz wrote: 2) What evidence do you have for that those file extensions are "most" of online virus? I personally have heard that it's exploits of plugins (e.g. Flash) that result in viruses, this is the first I've heard that can loading these type files to cause virus...


In Linux, MacOSX, W$n and many other O.S.

1 - The Anti-Virus check all files, WE or the Browser Download in ForeG. or Background ... If I have a blocker for most files ... great :D
2- /etc/hosts, resolv The root own and is read only ... I check everyday the file.
Firefox - Proxy - > I check everyday
3 - Scripts - > NoScript block most of invasions
Flash and other plugins - > in the final stage (infection) ... they Download files -> O.S. - DLL, SH, EXE, DMG ...

Ah, so the plugin exploit isn't generally itself the virus but it's just a way to deliver & run the virus.
So you're saying that you've had personal experience with administering a LOT of computers where inclusions of files with these extensions are causing virus... so something like this Faq suggestion?
"I've seen that many viruses in the end come from native executable files & such being included by pages in an exploit scenario. I only need to download such files directly when I want, I don't ever need my browser or a plugin to display them, so how to use NoScript to block them from being embedded?"

ruy.benton wrote:And to protect Firefox ... .XPI?

I'm not sure I'm understanding this question. Sure you can add xpi to the list if you think it'd help (I think you can figure how :) ).
The main threat to Firefox with XPIs is those side-loaded by the file types already blocked by the rule as is. A page trying to install an XPI in Firefox through Firefox is going to be blocked & throw either A) a doorhanger and/or B) a scary warning in the user's face when they don't expect it. So I guess whether it's worth to add it depends on who your end user is.
*Always* check the changelogs BEFORE updating that important software!
-

ruy.benton
Junior Member
Posts: 21
Joined: Sat Aug 29, 2015 6:01 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by ruy.benton » Mon Aug 31, 2015 1:53 am

barbaz wrote:
ruy.benton wrote:
barbaz wrote:(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct)

line 3:6 no viable alternative at character '?'

Yeah, sorry, that's supposed to be on the same line as the Site line. That's what I meant by my comment about the forum breaking it up.


Now I don't get the error but ...

For ex. if we want to block PDF ... in "https://noscript.net/abe/abe_rules.pdf"
I can block with:
Site ^(?:https|wss)://.*\.(?:pdf)
Deny

With your code:
Site ^(?:[0-9A-Za-z-]+tp|wss)://.*\.(?:pdf)
Deny

Don't work

Something is wrong ... in [0-9A-Za-z-]+tp


barbaz wrote:Ah, so the plugin exploit isn't generally itself the virus but it's just a way to deliver & run the virus.
So you're saying that you've had personal experience with administering a LOT of computers where inclusions of files with these extensions are causing virus... so something like this Faq suggestion?
"I've seen that many viruses in the end come from native executable files & such being included by pages in an exploit scenario. I only need to download such files directly when I want, I don't ever need my browser or a plugin to display them, so how to use NoScript to block them from being embedded?"



Lots of examples in many pages and blogs

I would like a plugin, to alert Firefox -> write some file in the system.
Exclude:
.cache/mozilla/firefox
and .mozilla
If he write in other parts of the File System ... is 100% a virus or ...
I'm downloading something :lol:


ruy.benton wrote:And to protect Firefox ... .XPI?

barbaz wrote:I'm not sure I'm understanding this question. Sure you can add xpi to the list if you think it'd help (I think you can figure how :) ).
The main threat to Firefox with XPIs is those side-loaded by the file types already blocked by the rule as is. A page trying to install an XPI in Firefox through Firefox is going to be blocked & throw either A) a doorhanger and/or B) a scary warning in the user's face when they don't expect it. So I guess whether it's worth to add it depends on who your end user is.


Yes, most of the time I see the warning ... and we click in preferences ...
This is an example ... if you know other treats ... updates in main kernel

Thank you for your comments
FreeBSD, OpenBSD, NetBSD, Solaris, Linux Administrator
IBM Mainframe
MacOSX
Cisco
Hacker, Cracker - 680XX,
Data Recover - Disks, Tapes
Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0

barbaz
Senior Member
Posts: 9323
Joined: Sat Aug 03, 2013 5:45 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by barbaz » Mon Aug 31, 2015 3:48 am

ruy.benton wrote:Now I don't get the error but ...

For ex. if we want to block PDF ... in "https://noscript.net/abe/abe_rules.pdf"
I can block with:
Site ^(?:https|wss)://.*\.(?:pdf)
Deny

With your code:
Site ^(?:[0-9A-Za-z-]+tp|wss)://.*\.(?:pdf)
Deny

Don't work

Something is wrong ... in [0-9A-Za-z-]+tp

Oh phooey, I just can't get this right can I? :roll:

Code:

Site ^(?:[0-9A-Za-z-]+tps?|wss)://.*\.(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct)
Deny INC

(I forgot to apply it for these files on secure transfer protocols. I'll fix the original too.)

ruy.benton wrote:Yes, most of the time I see the warning ... and we click in preferences ...
This is an example ... if you know other treats ... updates in main kernel

When don't you see any warning when trying install extension in Firefox through Firefox?
And what do you mean "if you know other treats ... updates in main kernel"? :?:

ruy.benton wrote:Thank you for your comments

You're welcome, thank you for the explanations. 8-)
*Always* check the changelogs BEFORE updating that important software!
-

ruy.benton
Junior Member
Posts: 21
Joined: Sat Aug 29, 2015 6:01 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by ruy.benton » Tue Sep 01, 2015 12:39 am

TO MODERATOR - > PLEASE MOVE THIS TO ABE SUB-FORUM



Add .com, need change:
Site ^(?:[0-9A-Za-z-]+tps?|wss)://.*/.*\.(?:gz|com)
Deny
Or he blocks all domains with .com :lol:

And if lots of dots in the file name puff

ftp ... don't work

ruy.benton wrote:Yes, most of the time I see the warning ... and we click in preferences ...
... if you know other treats ... updates in main kernel

barbaz wrote:When don't you see any warning when trying install extension in Firefox through Firefox?
And what do you mean "if you know other treats ... updates in main kernel"?


The malicious code could bypass the warning ... and install any code

"if you know other treats ... updates in main kernel"
The main part of Firefox ... the program and the lib ex: libnspr4.so, libssl3.so and many others




I would like a plugin, to alert Firefox -> write files in the system.
I can use lsof ... but lots of work

Thank you for your comments
FreeBSD, OpenBSD, NetBSD, Solaris, Linux Administrator
IBM Mainframe
MacOSX
Cisco
Hacker, Cracker - 680XX,
Data Recover - Disks, Tapes
Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0

barbaz
Senior Member
Posts: 9323
Joined: Sat Aug 03, 2013 5:45 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by barbaz » Tue Sep 01, 2015 1:10 am

ruy.benton wrote:TO MODERATOR - > PLEASE MOVE THIS TO ABE SUB-FORUM

SURE, DONE :arrow: :arrow:

ruy.benton wrote:Add .com, need change:
Site ^(?:[0-9A-Za-z-]+tps?|wss)://.*/.*\.(?:gz|com)
Deny
Or he blocks all domains with .com :lol:

OK try this:

Code:

Site ^(?:[0-9A-Za-z-]+tps?|wss)://[^/:]+[/:].*\.(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct|com)(?:[^0-9A-Za-z/].*)?$
Deny INC


ruy.benton wrote:And if lots of dots in the file name puff

what? :?:

ruy.benton wrote:ftp ... don't work

In what way?

ruy.benton wrote:The malicious code could bypass the warning ... and install any code

Not unless it's already got a full hold of the browser, at which point the user anyway has bigger problems than an unwanted xpi and the malicious code could do more than just bypassing the warning and installing an xpi.

ruy.benton wrote:"if you know other treats ... updates in main kernel"
The main part of Firefox ... the program and the lib ex: libnspr4.so, libssl3.so and many others




I would like a plugin, to alert Firefox -> write files in the system.
I can use lsof ... but lots of work

Well for Windows there exists a program called sandboxie that Tom T. used to recommend (I know nothing of it myself being that I'm not a Windows user.)
Don't have any ideas for other OSes, sorry.
*Always* check the changelogs BEFORE updating that important software!
-

ruy.benton
Junior Member
Posts: 21
Joined: Sat Aug 29, 2015 6:01 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by ruy.benton » Tue Sep 01, 2015 10:52 pm

barbaz wrote:
ruy.benton wrote:TO MODERATOR - > PLEASE MOVE THIS TO ABE SUB-FORUM

SURE, DONE

Thank you very much


ruy.benton wrote:Add .com, need change:
Site ^(?:[0-9A-Za-z-]+tps?|wss)://.*/.*\.(?:gz|com)
Deny
Or he blocks all domains with .com :lol:

barbaz wrote:OK try this:

Code:

Site ^(?:[0-9A-Za-z-]+tps?|wss)://[^/:]+[/:].*\.(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct|com)(?:[^0-9A-Za-z/].*)?$
Deny INC

Ex.
http://products.kaspersky-labs.com/engl ... 4en-gb.exe
I can't Download ... :D

ftp://ftp.us.dell.com/network/
Any exe ... I can Download :cry:

ruy.benton wrote:The malicious code could bypass the warning ... and install any code

barbaz wrote:Not unless it's already got a full hold of the browser, at which point the user anyway has bigger problems than an unwanted xpi and the malicious code could do more than just bypassing the warning and installing an xpi.

Yeap and any code not only the XPI


ruy.benton wrote:I would like a plugin, to alert Firefox -> write files in the system.
I can use lsof ... but lots of work

barbaz wrote:Well for Windows there exists a program called sandboxie that Tom T. used to recommend (I know nothing of it myself being that I'm not a Windows user.)
Don't have any ideas for other OSes, sorry.


I have several products for enclose the OS and Delete the OS and FS after use ... and save only the bookmark

Ex. https://www.virtualbox.org/wiki/Screenshots

I use this in some class and college. We setup a virtual machine ... and as the class close we delete the virtual machine and copy a fresh HD.


I use BSD, MacOSX, Linux ... your main OS ... ?

Kind Regards,
Ruy
FreeBSD, OpenBSD, NetBSD, Solaris, Linux Administrator
IBM Mainframe
MacOSX
Cisco
Hacker, Cracker - 680XX,
Data Recover - Disks, Tapes
Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0

barbaz
Senior Member
Posts: 9323
Joined: Sat Aug 03, 2013 5:45 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by barbaz » Tue Sep 01, 2015 11:29 pm

ruy.benton wrote:Ex.
http://products.kaspersky-labs.com/engl ... 4en-gb.exe
I can't Download ... :D

ftp://ftp.us.dell.com/network/
Any exe ... I can Download :cry:

Hmm, is what you want to not even be able to download these manually? Then change Deny INC to Deny & remember to disable that rule when you actually want to download those types of code. (Then it is indeed useful to keep it in its own ruleset.)

ruy.benton wrote:I have several products for enclose the OS and Delete the OS and FS after use ... and save only the bookmark

Ex. https://www.virtualbox.org/wiki/Screenshots

I use this in some class and college. We setup a virtual machine ... and as the class close we delete the virtual machine and copy a fresh HD.

Oh.. yeah, I use VirtualBox too & it's awesome. I was thinking that didn't require booting another OS - for use in a VM so that can have a REALLY disposable environment.

ruy.benton wrote:I use BSD, MacOSX, Linux ... your main OS ... ?

Used to be Mac OS X Lion until recently when I had to switch to Lubuntu 14.04.
But I've played with a lot of different OSes - I've got (or had) VM's for most popular Linux distros as well as OpenBSD & NetBSD (never could make FreeBSD work). Also have a pre-built OpenSolaris VM somewhere...
*Always* check the changelogs BEFORE updating that important software!
-

ruy.benton
Junior Member
Posts: 21
Joined: Sat Aug 29, 2015 6:01 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by ruy.benton » Thu Sep 03, 2015 1:36 am

barbaz wrote:Hmm, is what you want to not even be able to download these manually? Then change Deny INC to Deny & remember to disable that rule when you actually want to download those types of code. (Then it is indeed useful to keep it in its own ruleset.)

I need to test your code ...

HTTP, FTP, Telnet, Gopher, Bitorrent ...

HTTP

Ex. http://products.kaspersky-labs.com/engl ... 4en-gb.exe
Block any .ext correct ... work :D

FTP
Ex.
ftp://ftp.us.dell.com/network/
Any .exe ... DON'T BLOCK ANY .EXT ... DON'T WORK :(



barbaz wrote:Used to be Mac OS X Lion until recently when I had to switch to Lubuntu 14.04.
But I've played with a lot of different OSes - I've got (or had) VM's for most popular Linux distros as well as OpenBSD & NetBSD (never could make FreeBSD work). Also have a pre-built OpenSolaris VM somewhere...


Need switch to Lubuntu in a INTEL MAC?

FreeBSD don't work? ... I have several servers ...



barbaz wrote:Oh.. yeah, I use VirtualBox too & it's awesome. I was thinking that didn't require booting another OS - for use in a VM so that can have a REALLY disposable environment.


Nooooooo ... you sug. Sandbox ...

"I would like a plugin, to alert Firefox -> write files in the system.
I can use lsof ... but lots of work"

Here is an example:
https://addons.mozilla.org/en-us/firefox/addon/priv8/



There is several Sandbox for Mac, Linux:

http://hints.macworld.com/article.php?s ... 8044558156

https://www.romab.com/ironfox/

https://l3net.wordpress.com/projects/firejail/

http://www.linux-magazine.com/Issues/2015/173/Firejail

Kind Regards,
Ruy
FreeBSD, OpenBSD, NetBSD, Solaris, Linux Administrator
IBM Mainframe
MacOSX
Cisco
Hacker, Cracker - 680XX,
Data Recover - Disks, Tapes
Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0

Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by Thrawn » Thu Sep 03, 2015 2:41 am

ruy.benton wrote:FTP
Ex.
ftp://ftp.us.dell.com/network/
Any .exe ... DON'T BLOCK ANY .EXT ... DON'T WORK :(

ABE is specifically for filtering HTTP requests. It's a web firewall, not a general-purpose one. FTP is out of scope.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0

barbaz
Senior Member
Posts: 9323
Joined: Sat Aug 03, 2013 5:45 pm

Re: Block files -> .exe .bat .dll .sh .dmg .cmd .cpl .lnk

Post by barbaz » Thu Sep 03, 2015 6:18 am

And I missed yet another detail in the rule...

Code:

Site ^(?:[0-9A-Za-z-]+tps?|wss?)://[^/:]+[/:].*\.(?:exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|msi|reg|jse|bas|chm|scf|sct|com)(?:[^0-9A-Za-z/].*)?$
Deny INC

Apparently there is also a "ws" protocol that communicates with Internet...

ruy.benton wrote:Need switch to Lubuntu in a INTEL MAC?

Yep. (Well, had to dual boot anyway, but using Lubuntu as my main OS.) I'd rather not get into the details of why here.
(see viewtopic.php?p=74942#p74942 for some of it)

ruy.benton wrote:FreeBSD don't work? ... I have several servers ...

I've tried to set up a FreeBSD VM for myself from the install CD, and I just couldn't get it going in the way I wanted... my machine doesn't have the specs to compile tons of stuff (& building things from source almost always goes wrong for me) and all I could do with FreeBSD in any case was a basic install and then use the resulting system exactly as it was. I simply could not find a way to add software to the machine, see what software was on it, or even update the machine's existing software... all the suggestions I found on the Internet failed one way or another.
I'm not looking to use FreeBSD as a server anyway. What I want to make work is the latest available FreeBSD release (at whatever time I attempt to first install it), with a graphical environment* & my favorite applications. It would be quite helpful to me if I can have proper experience with, and a VM of, the most popular *BSD distro (aside Mac OS X of course).

Oddly I didn't have very much better luck even starting with a pre-built VM that already had a desktop environment (again, I could use it "as-is" but getting other software onto it was still a problem.)

Any advice for me for next time I decide to try it again?

* Please not GNOME 3. My favorite desktop environments are LXDE and Openbox, but I can work with KDE3/Trinity, XFCE, & fvwm. I'm fine with the KDE 4+ desktop environment as well, but as much as I like the Oxygen look & certain individual KDE apps.. for the same reason I cannot use OS X > 10.7.x, let's keep the actual DE of KDE in a VM ;)

ruy.benton wrote:Nooooooo ... you sug. Sandbox ...

"I would like a plugin, to alert Firefox -> write files in the system.
I can use lsof ... but lots of work"

Well a sandbox will know everything that's written through it... so am I misunderstanding what you're wondering about?

ruy.benton wrote:There is several Sandbox for Mac, Linux:

[...]
https://l3net.wordpress.com/projects/firejail/

This link looks very interesting to me for a number of reasons. Thanks! :)

Thrawn wrote:ABE is specifically for filtering HTTP requests. It's a web firewall, not a general-purpose one. FTP is out of scope.

Oh, so it doesn't intercept any non-HTTP requests at all? I'm not aware of how ABE is implemented internally.
*Always* check the changelogs BEFORE updating that important software!
-
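
The Site patterns posted across this thread, run side by side on constructed URLs to show what each revision changed (an added example, not code from any poster or from NoScript). It assumes a regex Site pattern is applied as an unanchored JavaScript RegExp search over the full request URL; the rule names and the `abeSeesRequest` helper are hypothetical.

```javascript
// Added example. Assumption: ABE applies a regex Site pattern as an unanchored
// search over the full request URL, as JavaScript's RegExp.test() does.
const EXT = "exe|bat|dll|sh|dmg|cmd|cpl|lnk|pif|scr|vbs|vbe|vb|ws|wsc|wsf|" +
            "msi|reg|jse|bas|chm|scf|sct";

// Rule names are hypothetical labels for the revisions posted in the thread.
const RULES = {
  // As first posted (quoted in the second post): "tp" with no "s?".
  first: new RegExp("^(?:[0-9A-Za-z-]+tp|wss)://.*\\.(?:" + EXT + ")"),
  // After EDIT2: "tps?" also covers https.
  edit2: new RegExp("^(?:[0-9A-Za-z-]+tps?|wss)://.*\\.(?:" + EXT + ")"),
  // edit2 with "com" appended to the list, the case ruy.benton ran into.
  edit2Com: new RegExp("^(?:[0-9A-Za-z-]+tps?|wss)://.*\\.(?:" + EXT + "|com)"),
  // Last revision: the host is consumed before the extension is looked for,
  // the extension must be followed by the end of the URL or by a character
  // that is neither alphanumeric nor "/", and "wss?" covers ws as well as wss.
  final: new RegExp("^(?:[0-9A-Za-z-]+tps?|wss?)://[^/:]+[/:].*\\.(?:" + EXT +
                    "|com)(?:[^0-9A-Za-z/].*)?$"),
};

// Constructed sample URLs on reserved example domains.
const SAMPLES = [
  "https://downloads.example.com/setup.exe",  // executable over https
  "https://www.example.com/index.html",       // ordinary page on a .com host
  "http://www.shop.example/index.html",       // host name containing ".sh"
  "ws://example.net/feed.scr",                // plain WebSocket scheme
  "http://example.com:8080/run.bat?x=1",      // port and query string
  "ftp://ftp.example.org/tool.exe",           // FTP download
];

// Which revisions match a URL, as { ruleName: boolean }.
function matches(url) {
  const out = {};
  for (const [name, re] of Object.entries(RULES)) {
    out[name] = re.test(url);
  }
  return out;
}

// Thrawn's reply: ABE filters HTTP requests and FTP is out of scope, so a
// pattern match on an ftp: URL never turns into a block. Modelled here as a
// simple scheme check (an assumption about scope, not ABE's implementation).
function abeSeesRequest(url) {
  return !/^ftp:/i.test(url);
}

// A request is denied only if ABE sees it and the rule's pattern matches.
function wouldDeny(ruleName, url) {
  return abeSeesRequest(url) && RULES[ruleName].test(url);
}

// One row per sample URL: per-revision match plus the final rule's outcome.
function report() {
  return SAMPLES.map((url) => ({
    url,
    ...matches(url),
    deniedByFinal: wouldDeny("final", url),
  }));
}

console.table(report());
```

The `edit2` and `edit2Com` columns show the over-matching on host names (`.sh` inside `www.shop.example`, `.com` in any .com domain) that the `[^/:]+[/:]` prefix in the last revision removes.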
