Double Extension Permission

Steve Swaney Steve.Swaney at FSL.COM
Mon Dec 6 16:26:43 GMT 2004 

    [ The following text is in the "ISO-8859-2" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Ed Bruce
> Sent: Monday, December 06, 2004 11:08 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Double Extension Permission
> 
> Marcin Ro¿ek wrote:
> 
> > Thom Paine wrote:
> >
> >> Is there a way to allow this site to accept these types of documents?
> >> Currently everything gets stripped off.
> >
> > Remove or comment a line in filename.rules.conf that is described as
> > "Deny all other double file extensions. This catches any hidden
> > filenames."
> >
> > btw - is this really should be turned on by default? I mean, if a
> > virus sends
> > its copy as eg. document.doc.pif, i will be blocked because of having
> > .pif
> > extension...
> > Just my thought...
> 
> I think this site has a good explanation why you want to stop most
> double extensions:
> 
> http://www.cknow.com/vtutor/vtextensions.htm
> 

We have modified one of our University clients filename.rules.conf file over
the last year to stop blocking on many common text processing extensions
that can occur when you save a Word or WordPerfect document in another
format. We have seen no harmful effects as a result and a lot of term papers
are now getting through without have to be released from Quarantine.  Below
is the end of the revised filename.rules.conf:

--------------- start --------------
# Allow filenames with double extensions ending in ".form.doc"
allow   \.form\.doc$    -       -

# Allow filenames with double extensions ending in ".wps.rtf"
allow   \.wps\.rtf$     -       -

# Allow filenames with double extensions ending in ".doc.rtf"
allow   \.doc\.rtf$     -       -

# Allow filenames with double extensions ending in ".wps.rtf"
allow   \.wps\.rtf$     -       -

# Allow filenames with double extensions ending in ".wps.doc"
allow   \.wps\.doc$     -       -

# Allow filenames with double extensions ending in ".ltr.doc"
allow   \.ltr\.doc$     -       -

# Allow filenames with double extensions ending in ".wps"
allow   \.[a-z][a-z0-9]{2,3}\s*\.wps$   -       -

# Allow repeated file extension, e.g. blah.zip.zip
allow   (\.[a-z0-9]{3})\1$      -       -

# Deny all other double file extensions. This catches any hidden filenames.
deny    \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$   Found possible filename
hiding                          Attempt to hide real filename extension

--------------- EOF --------------

Do mind the <Tab>s

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney at fsl.com


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list