Double File Extensions
Julian Field
mailscanner at ecs.soton.ac.uk
Wed Jan 29 22:00:29 GMT 2003
At 21:52 29/01/2003, you wrote:
>In the process of testing, I found that a double extension can get through
>if there is a space (or multiple spaces) between the first (fake) file
>extension and the second (actual) file extension. Since a space after the
>fake file extension will probably be just as invisible as the actual file
>extension, it could be a way to sneak past the filters while getting the
>same nefarious effect. I propose that by default the last line in
>filename.rules.conf be changed to:
>
>deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename
>hiding Attempt to hide real filename extension
Good idea. It will be in the next release.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list