Allow multiple filename extensions?

Derek Winkler dwinkler at ALGORITHMICS.COM
Fri Jul 11 16:44:51 IST 2003

Comment out.

If you change it to allow, it will allow anything with a double extension.

I added some extensions that should be allowed whether doubled or not above
this rule and left it as deny.

I've really been trying to talk everyone into a list of extensions to allow
and deny everyting else.

-----Original Message-----
From: Jeff Falgout [mailto:JFalgout at]
Sent: Friday, July 11, 2003 11:27 AM
Subject: Re: Allow multiple filename extensions?

>>> Tom Combs <combs at> 7/11/2003 7:58:13 AM >>>
>  I'm not clear on the need for denying multiple filename extensions.
>  It seems if an attachment contained a virus, it would be checked by
>  the virus scanner and either caught or cleared regardless of the
>  extension.  Does having multiply filename extensions somehow
>  circumvent this process?
>  I'm considering dropping this ruleset:
>deny    \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible
filename hiding
                        Attempt to hide real filename extension

Would the proper way to allow double extensions be to change the "deny"
"allow" or comment out the line?

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list