Allow multiple filename extensions?

[Antony Stone]

On Friday 11 July 2003 2:58 pm, Tom Combs wrote:

> Hello,
>
>   I'm not clear on the need for denying multiple filename extensions.
>   It seems if an attachment contained a virus, it would be checked by
>   the virus scanner and either caught or cleared regardless of the
>   extension.  Does having multiply filename extensions somehow
>   circumvent this process?
>
>   I'm considering dropping this ruleset:
>
> deny    \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible filename
> hiding Attempt to hide real filename extension
>
>   Is this a mistake?

I have removed this rule from my systems - I am happy simply to block the
explicit final extensions which I know can be dangerous.

I look at it this way:

1. If the final extension is on my 'blocked' list, the email gets blocked and
I don't care if there was a double extension.

2. If the final extension is not on my 'blocked' list, then allow the email,
because it's not going to do anything dangerous on a Windoze machine which
acts on that final extension anyway.

If anyone knows of a reason why this could be a dangerous policy, please tell
me :)

Regards,

Antony.

--

G- GIT/E d- s+:--(-) a+ C++++$ UL++++$ P+(---)>++ L+++(++++)$ !E W(-) N(-) o?
w-- O !M V+++(--) !PS !PE Y+ PGP+> t- tv@ b+++ DI++ D--- e++>+++ h++ r@? 5?
!X- !R K--?