Allow multiple filename extensions?

Derek Winkler dwinkler at ALGORITHMICS.COM
Fri Jul 11 16:44:51 IST 2003


Comment out.

If you change it to allow, it will allow anything with a double extension.

I added some extensions that should be allowed whether doubled or not above
this rule and left it as deny.

I've really been trying to talk everyone into a list of extensions to allow
and deny everyting else.

-----Original Message-----
From: Jeff Falgout [mailto:JFalgout at co.jefferson.co.us]
Sent: Friday, July 11, 2003 11:27 AM
To: MAILSCANNER at jiscmail.ac.uk
Subject: Re: Allow multiple filename extensions?


>>> Tom Combs <combs at magnet.fsu.edu> 7/11/2003 7:58:13 AM >>>
>Hello,
>
>  I'm not clear on the need for denying multiple filename extensions.
>  It seems if an attachment contained a virus, it would be checked by
>  the virus scanner and either caught or cleared regardless of the
>  extension.  Does having multiply filename extensions somehow
>  circumvent this process?
>
>  I'm considering dropping this ruleset:
>
>deny    \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible
filename hiding
                        Attempt to hide real filename extension

Would the proper way to allow double extensions be to change the "deny"
to
"allow" or comment out the line?

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030711/995af1d6/attachment.html


More information about the MailScanner mailing list