[TUTORIAL] dangerous filetype extensions

Lebedev

Oct 13, 2019
Not exactly a tutorial, but I noticed that the predefined list of dangerous filetypes was extremely small; it only includes five filetypes. Yes, I am aware that other filetypes are covered by the predefined Content Type Filters (MIME types).


Here's a bigger list of filetypes that can include executable code or pose a threat in other ways. A lot of them are not covered by the predefined Content Type Filters in the Dangerous Content Object. I would appreciate it if the Proxmox guys would extend the predefined list in future releases :)

Please note that certificates are also included (.crt and .der). Certificate files can pose a threat if installed as a trusted certificate. Unknowing users could be misled by attackers.


.386
.3gr
.add
.ade
.appcontent-ms
.asp
.bas
.bat
.cer
.chm
.class
.cmd
.cnt
.com
.cpl
.crt
.dbx
.der
.diagcab
.dll
.exe
.fon
.grp
.hlp
.hpj
.hta
.inf
.ins
.isp
.jar
.jnlp
.js
.jse
.lnk
.mcf
.mdb
.mde
.msc
.msh
.msh1
.msh1xml
.msh2
.msh2xml
.mshxml
.msi
.msp
.mst
.msu
.ocx
.pcd
.pif
.pl
.printerexport
.ps1
.ps1xml
.ps2
.ps2xml
.psc1
.psc2
.psd1
.psdm1
.py
.pyc
.pyo
.pyw
.pyz
.pyzw
.reg
.scf
.scr
.sct
.settingcontent-ms
.shb
.shs
.theme
.url
.vb
.vbe
.vbp
.vbs
.vxd
.website
.ws
.wsc
.wsf
.wsh
.xbap
.xll
.xnk

Lebedev

Oct 13, 2019
.*\.(386|3gr|add|ade|appcontent-ms|asp|bas|bat|cer|chm|class|cmd|cnt|com|cpl|crt|dbx|der|diagcab|dll|exe|fon|grp|hlp|hpj|hta|inf|ins|isp|jar|jnlp|js|jse|lnk|mcf|mdb|mde|msc|msh|msh1|msh1xml|msh2|msh2xml|mshxml|msi|msp|mst|msu|ocx|pcd|pif|pl|printerexport|ps1|ps1xml|ps2|ps2xml|psc1|psc2|psd1|psdm1|py|pyc|pyo|pyw|pyz|pyzw|reg|scf|scr|sct|settingcontent-ms|shb|shs|theme|url|vb|vbe|vbp|vbs|vxd|website|ws|wsc|wsf|wsh|xbap|xll|xnk)
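A way to check the posted pattern before loading it into a mail filter, added here as an example and not part of the original posts. It assumes the filter applies the pattern to the whole attachment name and ignores case; the function names and sample file names are constructed for illustration.

```python
import re

# Pattern copied verbatim from the post above, split only for line length.
POSTED_PATTERN = (
    r".*\.(386|3gr|add|ade|appcontent-ms|asp|bas|bat|cer|chm|class|cmd|cnt|com|cpl"
    r"|crt|dbx|der|diagcab|dll|exe|fon|grp|hlp|hpj|hta|inf|ins|isp|jar|jnlp|js|jse"
    r"|lnk|mcf|mdb|mde|msc|msh|msh1|msh1xml|msh2|msh2xml|mshxml|msi|msp|mst|msu|ocx"
    r"|pcd|pif|pl|printerexport|ps1|ps1xml|ps2|ps2xml|psc1|psc2|psd1|psdm1|py|pyc"
    r"|pyo|pyw|pyz|pyzw|reg|scf|scr|sct|settingcontent-ms|shb|shs|theme|url|vb|vbe"
    r"|vbp|vbs|vxd|website|ws|wsc|wsf|wsh|xbap|xll|xnk)"
)

# Assumption: the filter matches the whole file name, case-insensitively.
STRICT = re.compile(POSTED_PATTERN, re.IGNORECASE)
# Contrast: the same pattern used as an unanchored, case-sensitive search.
LOOSE = re.compile(POSTED_PATTERN)


def is_blocked(filename: str) -> bool:
    """True if the entire name ends in one of the listed extensions."""
    return STRICT.fullmatch(filename) is not None


def loose_hit(filename: str) -> bool:
    """True if the pattern matches anywhere in the name (no anchoring)."""
    return LOOSE.search(filename) is not None


def compare(filenames):
    """Return {name: (strict, loose)} so disagreements are easy to spot."""
    return {name: (is_blocked(name), loose_hit(name)) for name in filenames}


# Constructed sample attachment names, not taken from real mail.
SAMPLES = [
    "setup.msi",        # listed extension
    "invoice.pdf.exe",  # double extension, last one is listed
    "REPORT.EXE",       # upper case: missed without case-insensitive matching
    "notes.json",       # ".js" is only a prefix of ".json"
    "archive.com.txt",  # ".com" is not the final extension
    "photo.jpeg",       # unrelated extension
]

if __name__ == "__main__":
    for name, (strict, loose) in compare(SAMPLES).items():
        note = "" if strict == loose else "  <-- differs"
        print(f"{name:18} strict={strict!s:5} loose={loose!s:5}{note}")
```

If the filter in use does not anchor the pattern itself, append `$` (or use its whole-string match mode) so that names like `notes.json` are not caught by the `js` alternative.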
