Double Extension Permission

Lindsay Snider lindsay at pa.net
Mon Dec 6 18:55:58 GMT 2004


    [ The following text is in the "iso-8859-2" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

>
> Yes, i know. But i think that when we ban 'all' dangerous extensions, eg
> .vbs/.exe/.reg/etc all files that have double extensions eg.
> something.doc.exe will be actually blocked.

We tried to come up with something that would only block double extensions
when the final extension is known to be evil.  This prevents quite a few
false positives include those listed earlier in this thread.  Here's what we
currently have:

deny \.[a-z][a-z0-9]{2,3}\s*\.(exe|com|pif|bat|vbs)$

>  From my own experience i can say, that many people use dots in filenames
> that they send in e-mails and that files eg. document.eng.doc  ('eng' from
> 'english') are stopped by default rules.
> Ofcourse this rule can be simply turned off, but maybe it could be turned
> off by default as, in my opinion, it more hurts than helps.
> Or...?

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list