[TUTORIAL] dangerous filetype extensions

[Lebedev]

Not excactly a tutorial, but i noticed that the predefined list of dangerous filetypes was extremely small, it only includes five filetypes. Yes, i am aware, that other filetypes are covered be the predefined Content Type Filters (MIME types).





Here's a bigger list of filetypes, that can include executable code or pose a threat in other ways. A lot of them are not covered by the predefined Content Type Filters in the Dangerous Content Object. I would appreciate, if the proxmox guys would extend the predefined list in future releases

Please note, that also certificates are also included (.crt and .der). Certificate-files can pose a threat, if installed as trusted certificate. Unknowing users could be mislead by attackers.


.386
.3gr
.add
.ade
.appcontent-ms
.asp
.bas
.bat
.cer
.chm
.class
.cmd
.cnt
.com
.cpl
.crt
.dbx
.der
.diagcab
.dll
.exe
.fon
.grp
.hlp
.hpj
.hta
.inf
.ins
.isp
.jar
.jnlp
.js
.jse
.lnk
.mcf
.mdb
.mde
.msc
.msh
.msh1
.msh1xml
.msh2
.msh2xml
.mshxml
.msi
.msp
.mst
.msu
.ocx
.pcd
.pif
.pl
.printerexport
.ps1
.ps1xml
.ps2
.ps2xml
.psc1
.psc2
.psd1
.psdm1
.py
.pyc
.pyo
.pyw
.pyz
.pyzw
.reg
.scf
.scr
.sct
.settingcontent-ms
.shb
.shs
.theme
.url
.vb
.vbe
.vbp
.vbs
.vxd
.website
.ws
.wsc
.wsf
.wsh
.xbap
.xll
.xnk

 

[Lebedev]

.*\.(386|3gr|add|ade|appcontent-ms|asp|bas|bat|cer|chm|class|cmd|cnt|com|cpl|crt|dbx|der|diagcab|dll|exe|fon|grp|hlp|hpj|hta|inf|ins|isp|jar|jnlp|js|jse|lnk|mcf|mdb|mde|msc|msh|msh1|msh1xml|msh2|msh2xml|mshxml|msi|msp|mst|msu|ocx|pcd|pif|pl|printerexport|ps1|ps1xml|ps2|ps2xml|psc1|psc2|psd1|psdm1|py|pyc|pyo|pyw|pyz|pyzw|reg|scf|scr|sct|settingcontent-ms|shb|shs|theme|url|vb|vbe|vbp|vbs|vxd|website|ws|wsc|wsf|wsh|xbap|xll|xnk)