Double Extension Permission
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Dec 7 13:58:36 GMT 2004
I allow .xxx.xxx type extensions, so .doc.doc is fine but .dot.doc isn't.
On 7/12/04 1:12 pm, "Randal, Phil" <prandal at HEREFORDSHIRE.GOV.UK> wrote:
> The problem is Microsoft's insane file extension hiding. Apart from
> being a simple exploit vector (e.g. abc.txt.exe with a default "text"
> icon), it also confuses end users when they create documents. So here
> we see loads of xyz.doc.doc and xyz.dot.doc files flying past.
>
> I'll believe that Microsoft takes security seriously if and only if it
> issues patches to permanently disable that misfeature.
>
> Cheers,
>
> Phil
>
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
>> -----Original Message-----
>> From: MailScanner mailing list
>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
>> Sent: 07 December 2004 12:19
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: Double Extension Permission
>>
>> I have had the double extension rule turned off ever since
>> you introduced it. People howl if I turn it on. But I would
>> like to have it on if I could.
>>
>> Jeff Earickson
>> Colby College
>>
>> On Tue, 7 Dec 2004, Julian Field wrote:
>>
>>> Most people like this rule. Do you know the original reason
>> I wrote it?
>>> Purely to demonstrate what could be done in a filename
>> rule, to show
>>> that it wasn't just a list of banned extensions like the commercial
>>> products can do, but that it was actually a powerful
>> feature which could do a whole lot more.
>>>
>>> To my surprise, everyone went with it. I guess it is rather
>> useful to
>>> most sites. But if you don't like it then change it. It's
>> staying in
>>> the default rules for the reason I wrote it in the first
>> place. That's
>>> why none of this stuff is hard-coded, you adapt MailScanner to your
>>> site, not the other way round (talk to a SAP user about that!).
>>>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list