filename rules questions/suggestions

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Thu Sep 25 19:42:40 IST 2003


On Thursday 25 September 2003 7:25 pm, Bob Jones wrote:

> Hey all.  We're running the latest version of MailScanner and love the
> results so far.  However, today a user had a problem that got my boss
> and I looking more deeply at the filename blocking ruleset.  The problem
> was that the user tried to send a doc named something.mld.doc and this
> was rejected because of the .mld in the filename.

Hi.

I've snipped the rest of the original posting for brevity in my reply;
however the rest contained completely appropriate and good points.

My question in response, however, is: Why bother blocking "hidden" filenames
at all, unless they're already blocked by the standard filename extension
rules?

For example:

1. A file called something.mld.doc should be allowed, because neither .mld
nor .doc is considered dangerous.   So long as you're also doing anti-virus
checking, you can be reasonably happy the document doesn't contain a macro
virus.

2. A file called something.doc.exe should be blocked, but I think it should
be blocked because it ends in .exe (for which there is already a rule), not
because it ends in .abc.xyz (if you see what I mean).

3. A file called something.exe.doc should (in my opinion) be allowed, because
Windows is going to interpret it as a Word document, and try to open it using
Word.   If someone happens to have created a Word document and used .exe as
part of the filename before the .doc extension, then it's unusual, but it's
not a problem.   Even if the file really is an executable, then opening it in
Word isn't going to cause any problems either - it'll just result in rubbish
characters being shown on the screen, or an error message that Word cannot
recognise the file format.

Therefore I see no good reason to block files just because they happen to end
in two three-character extensions (and I have disabled this rule on my
systems).

What is important is the last extension - that's the one which Windows will
use when auto-opening things etc. - and those get blocked by the standard
extension rules anyway.

Hope this helps you to reconsider whether there's a simpler solution to your
question?

Antony.

--

In Heaven, the police are British, the chefs are Italian, the beer is
Belgian, the mechanics are German, the lovers are French, the entertainment
is American, and everything is organised by the Swiss.

In Hell, the police are German, the chefs are British, the beer is American,
the mechanics are French, the lovers are Swiss, the entertainment is Belgian,
and everything is organised by the Italians.
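
The comparison argued in the message above, as an added example that is not part of the original post and is not MailScanner's own code: a first-match filename rule evaluator run over the three names from the post, once with a "two extensions" deny rule and once with final-extension rules only. The regular expressions, the list of dangerous extensions and the normalisation step are illustrative assumptions.

```python
import re

# Constructed rule sets: (action, regex, reason). First matching rule wins,
# anything unmatched is allowed. The patterns and the extension list are
# illustrative assumptions, not MailScanner's shipped rules.
DANGEROUS = r"\.(exe|com|scr|pif|bat|vbs)$"
DOUBLE_EXT = r"\.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$"

WITH_DOUBLE_EXT_RULE = [
    ("deny", DANGEROUS, "dangerous final extension"),
    ("deny", DOUBLE_EXT, "two extensions, possible filename hiding"),
]
LAST_EXT_ONLY = [
    ("deny", DANGEROUS, "dangerous final extension"),
]


def normalise(filename):
    # Assumption: compare the name as Windows would resolve it, i.e.
    # case-insensitively and without trailing dots or spaces.
    return filename.lower().rstrip(". ")


def evaluate(filename, rules):
    """Return (action, reason) from the first rule that matches."""
    name = normalise(filename)
    for action, pattern, reason in rules:
        if re.search(pattern, name):
            return action, reason
    return "allow", "no rule matched"


def compare(filenames):
    """Map each filename to its verdict under both rule sets."""
    return {
        f: (evaluate(f, WITH_DOUBLE_EXT_RULE)[0], evaluate(f, LAST_EXT_ONLY)[0])
        for f in filenames
    }


# The three names discussed in the post, plus two constructed variants.
SAMPLES = ["something.mld.doc", "something.doc.exe", "something.exe.doc",
           "Something.DOC.EXE", "something.doc.exe. "]

if __name__ == "__main__":
    for name, (with_rule, last_only) in compare(SAMPLES).items():
        print(f"{name!r:24} double-ext rule: {with_rule:5}  last-ext only: {last_only}")
```

With these constructed rules, dropping the double-extension rule changes the verdict only for something.mld.doc and something.exe.doc; every name whose final extension is .exe is denied under both rule sets.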


