Double File Extensions

Julian Field mailscanner at
Wed Jan 29 22:00:29 GMT 2003

At 21:52 29/01/2003, you wrote:
>In the process of testing, I found that a double extension can get through
>if there is a space (or multiple spaces) between the first (fake) file
>extension and the second (actual) file extension.  Since a space after the
>fake file extension will probably be just as invisible as the actual file
>extension, it could be a way to sneak past the filters while getting the
>same nefarious effect.  I propose that by default the last line in
>filename.rules.conf be changed to:
>deny    \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible filename
>hiding  Attempt to hide real filename extension

Good idea. It will be in the next release.

Julian Field
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list