Filtering on filename extensions

Julian Field jkf at
Tue Oct 23 16:26:23 IST 2001

At 16:19 23/10/2001, you wrote:
>One consequence of this decision is that attachments containing files
>such as "proposal.rtf.doc" are now being blocked with an "Attempt to
>hide real filename extension" warning message.
>This occurs whether or not the .DOC attachment carried a virus and was
>disinfected. I don't think it should have blocked simply because of the
>filenames rules.
>In particular I would expect a message with a repeated file extension to
>be delivered, provided it passed the virus scan phase, _if_ the last
>extension was ".DOC".
>In the light of the above I would like to ask:
>  1. Is it "safe" to modify filename.rules.conf in the way I have


>  2. If it is safe, what is the best way to modify the conf file to
>achieve delivery of .DOC files.

allow   \.doc$                  -       -

Put that above the double-file-extension trap in filename.rules.conf.
Note: *Remember* to separate the fields with TAB characters, not just
spaces. Sorry about that, I need to put a better syntax checker into the
code that reads this file, to check for this.

>  3. Why are common file extensions like .DOC ignored altogether in the
>     filename.rules.conf file?

It's just a sample, I hope people at least look at it before using it on
their site. Part of the reason the double-file-extension trap is there is
to serve as an example of what *can* be done. Mind you, I wouldn't be
without it here!

We find it does produce a fair false-positive rate. However, we only get
asked once or twice a month to actually send the recipient the file out of
the quarantine. Seems most people don't actually want the attachments they
receive anyway...

Julian Field                Teaching Systems Manager
jkf at         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

