Filename.rules.conf - CLSID false positive
Jason Burzenski
jburzenski at AMERICANHM.COM
Tue Apr 27 14:30:35 IST 2004
Has anyone else encountered any false positives with this filename rule?
# Deny filenames ending with CLSID's
deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type
Files containing CLSID's are trying to hide their real type
I have a vendor who sends PDF files that look like:
138139_{8B5AC3AF-BE17-4A06-BB98-790FA5C00C9B}.pdf
I researched the CLSID vulnerability and it seems that it is only effective
when tagged at the end of the filename, after the extension. I am
considering revising this regex to something like:
\{[a-hA-H0-9-]{25,}\}$
Does anyone see any danger in this change?
Thanks
Jason
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
For further info about MailScanner, please see the Most Asked
Questions at http://www.mailscanner.biz/maq/ and the archives
at http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040427/64217892/attachment.html
More information about the MailScanner
mailing list