Double Extension Permission

Julian Field mailscanner at ecs.soton.ac.uk
Tue Dec 7 11:19:16 GMT 2004 

    [ The following text is in the "ISO-8859-2" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 7/12/04 10:35 am, "Anders Andersson, IT" <anders.andersson at LTKALMAR.SE>
wrote:
>> -----Original Message-----
>> From: MailScanner mailing list
>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>> Sent: Tuesday, December 07, 2004 9:57 AM
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: Double Extension Permission
>> 
>> On 6/12/04 4:40 pm, "Marcin Ro¿ek" <marcin.rozek at IOS.EDU.PL> wrote:
>>> Ed Bruce wrote:
>>>> Marcin Ro¿ek wrote:
>>>> 
>>>>> Thom Paine wrote:
>>>>> btw - is this really should be turned on by default? I mean, if a
>>>>> virus sends its copy as eg. document.doc.pif, i will be blocked
>>>>> because of having .pif extension...
>>>>> Just my thought...
>>>> I think this site has a good explanation why you want to stop most
>>>> double extensions:
>>>> 
>>>> http://www.cknow.com/vtutor/vtextensions.htm
>>> Yes, i know. But i think that when we ban 'all' dangerous
>> extensions, 
>>> eg .vbs/.exe/.reg/etc all files that have double extensions eg.
>>> something.doc.exe will be actually blocked.
>>>  From my own experience i can say, that many people use dots in
>>> filenames that they send in e-mails and that files eg.
>>> document.eng.doc  ('eng' from
>>> 'english')
>>> are stopped by default rules.
>>> Ofcourse this rule can be simply turned off, but maybe it could be
>>> turned off by default as, in my opinion, it more hurts than helps.
>>> Or...?
>> 
>> Most people like this rule. Do you know the original reason I
>> wrote it?
>> Purely to demonstrate what could be done in a filename rule,
>> to show that it wasn't just a list of banned extensions like
>> the commercial products can do, but that it was actually a
>> powerful feature which could do a whole lot more.
>> 
>> To my surprise, everyone went with it. I guess it is rather
>> useful to most sites. But if you don't like it then change
>> it. It's staying in the default rules for the reason I wrote
>> it in the first place. That's why none of this stuff is
>> hard-coded, you adapt MailScanner to your site, not the other
>> way round (talk to a SAP user about that!).
> 
> I think it's a good thing its on by default but I wouldnt complain if
> the default rules changed so they only go for last extension. To many ppl
> use dots early in filenames for different reasons but thats just just what I
> think  :) 

Which is exactly why it only looks at the last 6 characters or so when
looking for a double extension.
-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list