SV: Regarding file extension and numerous dots

Julian Field mailscanner at ecs.soton.ac.uk
Mon Dec 16 16:03:43 GMT 2002


At 15:30 16/12/2002, you wrote:
> > -----Original message-----
> > From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
> > Sent: 16 December 2002 11:56
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Regarding file extension and numerous dots
> >
> >
> > At 10:40 16/12/2002, you wrote:
> > >Hi
> > >I've just got a simple problem that might be fixed i never releases
> > >but after 2 weeks of exchange problem and still working on
> > it I need a
> > >simple answer to this.
> > >
> > >At Fri Dec 13 16:34:52 2002 the virus scanner said:
> > >    Attempt to hide real filename extension (DiagLath.bak.korr.pdf)
> > >
> > >Is there a way of making mailscanner look at the last part
> > first instead of
> > >just doing the
> > >assumption it's trying to hide the correct name?
> > >Looked at file name rules but wasn't sure how to handle this,
> > but I bet it's
> > >simple to just
> > >accept name.ext.ext.doc etc
> >
> > Add a rule near the top that says this:
> > allow   \.pdf$  -       -
>
>Seems like something that should be default for all file extension...
>I mean, easier to handle than to learn ppl how to name their files or maybe
>it's done like it is for a reason that I'm missing.

The reason your DiagLath.bak.korr.pdf filename was originally blocked is 
due to another rule in the "filename.rules.conf" file, which specifically 
catches (and blocks) filenames which look like they have 2 filename 
extensions on them. In your case ".korr.pdf" is harmless, but this is a 
trick used by many viruses to try to get you to click on the attachment 
relying on Windows hiding the real filename extension (which many email 
apps do by default, particularly Microsoft ones). So they make 
"NewVirus.txt.scr" appear to just be "NewVirus.txt" which people may open, 
thinking it is just a text file and hence harmless.

If you don't like the double-file-extension trap in filename.rules.conf, 
then just comment it out.
-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
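
The rule ordering discussed in this message, as an added example that is not part of the original e-mail and is not MailScanner's own code. It assumes first-match-wins evaluation (implied by "add a rule near the top"), case-insensitive matching, and fields separated by tabs or runs of spaces; the deny pattern and the sample filenames other than the two quoted in the thread are constructed for illustration.

```python
import re

# Constructed rules in the "action  regex  log-text  user-text" layout seen in
# the thread. The deny pattern is an illustrative stand-in for a
# double-extension trap, not the rule MailScanner ships.
RULES_BEFORE = r"""
deny    \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$    Attempt to hide real filename extension    -
allow   .*    -    -
"""

# The same rules with the allow line from the thread placed at the top.
RULES_AFTER = r"allow   \.pdf$  -       -" + "\n" + RULES_BEFORE


def parse_rules(text):
    """Return [(action, compiled_regex, log_text)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Assumption: fields are separated by tabs or runs of 2+ spaces.
        fields = re.split(r"\t+| {2,}", line, maxsplit=3)
        if len(fields) < 2 or fields[0].lower() not in ("allow", "deny"):
            continue  # skip malformed lines
        log_text = fields[2] if len(fields) > 2 else "-"
        rules.append((fields[0].lower(), re.compile(fields[1], re.I), log_text))
    return rules


def evaluate(rules, filename):
    """Assumption: the first rule whose regex matches decides the outcome."""
    for action, regex, log_text in rules:
        if regex.search(filename):
            return action, log_text
    return "allow", "-"


if __name__ == "__main__":
    names = ["DiagLath.bak.korr.pdf", "NewVirus.txt.scr", "report.pdf", "invoice.pdf.exe"]
    for label, text in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        rules = parse_rules(text)
        for name in names:
            print(label, name, *evaluate(rules, name))
```

Because the allow rule is anchored on the final extension, it releases DiagLath.bak.korr.pdf while names ending in .scr or .exe still fall through to the double-extension trap.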



