Double Extension Permission

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Tue Dec 7 13:12:03 GMT 2004


The problem is Microsoft's insane file extension hiding.  Apart from
being a simple exploit vector (e.g. abc.txt.exe with a default "text"
icon), it also confuses end users when they create documents.  So here
we see loads of xyz.doc.doc and xyz.dot.doc files flying past.

I'll believe that Microsoft takes security seriously if and only if it
issues patches to permanently disable that misfeature.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
> Sent: 07 December 2004 12:19
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Double Extension Permission
>
> I have had the double extension rule turned off ever since
> you introduced it.  People howl if I turn it on.  But I would
> like to have it on if I could.
>
> Jeff Earickson
> Colby College
>
> On Tue, 7 Dec 2004, Julian Field wrote:
>
> > Most people like this rule. Do you know the original reason I wrote it?
> > Purely to demonstrate what could be done in a filename rule, to show
> > that it wasn't just a list of banned extensions like the commercial
> > products can do, but that it was actually a powerful feature which
> > could do a whole lot more.
> >
> > To my surprise, everyone went with it. I guess it is rather useful to
> > most sites. But if you don't like it then change it. It's staying in
> > the default rules for the reason I wrote it in the first place. That's
> > why none of this stuff is hard-coded, you adapt MailScanner to your
> > site, not the other way round (talk to a SAP user about that!).
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
> > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
>
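
The double-extension check this thread argues about, as an added example that is not part of the original messages and is not MailScanner's own rule: it separates a disguised executable such as abc.txt.exe from the harmless xyz.doc.doc duplicates users create. The extension sets and the names classify_attachment and scan are assumptions chosen for illustration.

```python
import re

# Assumed, illustrative sets; a real site would tune both to local policy.
EXECUTABLE = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "lnk"}
DOCUMENT = {"txt", "doc", "dot", "xls", "ppt", "pdf", "rtf", "jpg", "gif"}

# Two short trailing extensions. Whitespace before the last dot is tolerated
# so that padded names are still matched.
DOUBLE_EXT = re.compile(r"\.([a-z][a-z0-9]{1,3})\s*\.([a-z0-9]{2,4})$", re.I)


def classify_attachment(filename):
    """Return 'deny', 'warn' or 'allow' for one attachment filename.

    Only the double-extension case is judged here; a plain 'setup.exe' is
    left to whatever single-extension policy the site already applies.
    """
    # Win32 path handling drops trailing dots and spaces, so judge the name
    # the way the recipient's machine will see it.
    name = filename.rstrip(". ")
    match = DOUBLE_EXT.search(name)
    if match is None:
        return "allow"
    shown, real = match.group(1).lower(), match.group(2).lower()
    if real in EXECUTABLE and shown in DOCUMENT:
        return "deny"   # reads as a document once the real extension is hidden
    if real in EXECUTABLE:
        return "warn"   # executable behind an extra dot, but not document-like
    return "allow"      # e.g. xyz.doc.doc: a user's slip, not a disguise


# Constructed sample names, including the ones mentioned in the thread.
SAMPLES = ["abc.txt.exe", "xyz.doc.doc", "xyz.dot.doc", "invoice.pdf   .scr",
           "setup.v2.exe", "archive.tar.gz", "ABC.TXT.EXE. ", "notes.txt"]


def scan(names):
    """Map each filename to its verdict."""
    return {name: classify_attachment(name) for name in names}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:5}  {name!r}")
```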




