Double Extension Permission

Anders Andersson, IT anders.andersson at LTKALMAR.SE
Tue Dec 7 11:59:46 GMT 2004 

    [ The following text is in the "ISO-8859-2" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
> On 7/12/04 10:35 am, "Anders Andersson, IT" 
> wrote:
> >> -----Original Message-----
> >> From: MailScanner mailing list
> >> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
> >> Sent: Tuesday, December 07, 2004 9:57 AM
> >> To: MAILSCANNER at JISCMAIL.AC.UK
> >> Subject: Re: Double Extension Permission
> >> 
> >> On 6/12/04 4:40 pm, "Marcin Ro¿ek" <marcin.rozek at IOS.EDU.PL> wrote:
> >>> Ed Bruce wrote:
> >>>> Marcin Ro¿ek wrote:
> >>>> 
> >>>>> Thom Paine wrote:
> >>>>> btw - is this really should be turned on by default? I 
> mean, if a 
> >>>>> virus sends its copy as eg. document.doc.pif, i will be blocked 
> >>>>> because of having .pif extension...
> >>>>> Just my thought...
> >>>> I think this site has a good explanation why you want to 
> stop most 
> >>>> double extensions:
> >>>> 
> >>>> http://www.cknow.com/vtutor/vtextensions.htm
> >>> Yes, i know. But i think that when we ban 'all' dangerous
> >> extensions,
> >>> eg .vbs/.exe/.reg/etc all files that have double extensions eg.
> >>> something.doc.exe will be actually blocked.
> >>>  From my own experience i can say, that many people use dots in 
> >>> filenames that they send in e-mails and that files eg.
> >>> document.eng.doc  ('eng' from
> >>> 'english')
> >>> are stopped by default rules.
> >>> Ofcourse this rule can be simply turned off, but maybe it 
> could be 
> >>> turned off by default as, in my opinion, it more hurts than helps.
> >>> Or...?
> >> 
> >> Most people like this rule. Do you know the original 
> reason I wrote 
> >> it?
> >> Purely to demonstrate what could be done in a filename 
> rule, to show 
> >> that it wasn't just a list of banned extensions like the 
> commercial 
> >> products can do, but that it was actually a powerful feature which 
> >> could do a whole lot more.
> >> 
> >> To my surprise, everyone went with it. I guess it is 
> rather useful to 
> >> most sites. But if you don't like it then change it. It's 
> staying in 
> >> the default rules for the reason I wrote it in the first place. 
> >> That's why none of this stuff is hard-coded, you adapt 
> MailScanner to 
> >> your site, not the other way round (talk to a SAP user 
> about that!).
> > 
> > I think it's a good thing its on by default but I wouldnt 
> complain if 
> > the default rules changed so they only go for last 
> extension. To many 
> > ppl use dots early in filenames for different reasons but 
> thats just 
> > just what I think  :)
> 
> Which is exactly why it only looks at the last 6 characters 
> or so when looking for a double extension.
I didnt know that since Im a perl idiot  :)
Then the only onr I would like to change default on is doc since loads of ppl start their document with a sentence and according to "Bill" that
will be the filename. Not smart for us but maybe something to consider. Hmm, might be the same with powerpint as well?

/Anders

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list