Double Extension Permission

Anders Andersson, IT anders.andersson at LTKALMAR.SE
Tue Dec 7 15:21:01 GMT 2004


> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: Tuesday, December 07, 2004 2:59 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Double Extension Permission
> 
> I allow .xxx.xxx type extensions, so .doc.doc is fine but 
> .dot.doc isn't.

Here is where Im confused, is there any special reason for blocking
dot.doc or exe.doc
accept to "show off" ;)
the great work and thinking you have put in to make it as costumizable
as it can be?


> 
> On 7/12/04 1:12 pm, "Randal, Phil" 
> <prandal at HEREFORDSHIRE.GOV.UK> wrote:
> > The problem is Microsoft's insane file extension hiding.  
> >Apart from being a simple exploit vector (e.g. abc.txt.exe with a 
> >default "text" icon), it also confuses end users when they create 
> >documents.  So here we see loads of xyz.doc.doc and xyz.dot.doc files
flying past.
> >I'll believe that Microsoft takes security seriously if and only if
it 
> > issues patches to permanently disable that misfeature.
> >
> > Cheers,
> >
> > Phil
> >
> >
> >> -----Original Message-----
> >> From: MailScanner mailing list
> >> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
> >> Sent: 07 December 2004 12:19
> >> To: MAILSCANNER at JISCMAIL.AC.UK
> >> Subject: Re: Double Extension Permission
> >>
> >> I have had the double extension rule turned off ever since you 
> >> introduced it.  People howl if I turn it on.  But I would like to 
> >> have it on if I could.
> >>
> >> Jeff Earickson
> >> Colby College
> >>
> >> On Tue, 7 Dec 2004, Julian Field wrote:
> >>
> >>> Most people like this rule. Do you know the original reason I
wrote it?
> >>> Purely to demonstrate what could be done in a filename rule, to
show
> >>> that it wasn't just a list of banned extensions like the
commercial 
> >>> products can do, but that it was actually a powerful feature which
could do a whole lot more.
> >>> To my surprise, everyone went with it. I guess it is rather useful
to
> >>> most sites. But if you don't like it then change it. It's staying
in
> >>> the default rules for the reason I wrote it in the first place.
That's
> >>> why none of this stuff is hard-coded, you adapt  MailScanner to
your 
> >>> site, not the other way round (talk to a SAP user about that!).
> >>>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list