Filtering on filename extensions

[Q G Campbell]

[snip]
> As an attempt to answer my own question I am going to try, 
> taking the excerpt from my modified filename.rules.conf file:
> 
> ...
> # Deny all other double file extensions....
> deny   \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$
> # but
> allow  \.[a-z][a-z0-9]{2,3}\.doc$
> 
> # These 2 are well known...
> ...   

A colleague looked at the code that processes the filename.rules.conf
file and has pointed out that the above will not work.

The rule matching terminates at the first successful match in the conf
file. Thus the way to ensure that "blah.rtf.doc" and "blah.doc.rtf" are
not blocked (if they are virus free) is to add "\.doc$" and "\.rtf$\" to
the list of allowed file extensions. 

Which begs the question as to why these two common file extensions are
not already there given that an attachment with a repeated file
extension is scanned for viruses anyway?

Quentin