Double Extension Permission

Julian Field mailscanner at ecs.soton.ac.uk
Tue Dec 7 15:34:26 GMT 2004



Anders Andersson, IT wrote:

>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: Tuesday, December 07, 2004 2:59 PM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: Double Extension Permission
>>
>>I allow .xxx.xxx type extensions, so .doc.doc is fine but
>>.dot.doc isn't.
>>
>>
>
>Here is where I'm confused, is there any special reason for blocking
>dot.doc or exe.doc
>except to "show off" ;)
>
>
I just used them as examples. A better one might have been txt.doc which
will display as a harmless text file, but which could actually be a Word
document with nasty embedded macros. It just takes a bit of imagination
to think up other nasties this protects you from. In general though, I
think it is quite dangerous for a file to claim to be one thing while
actually being something else. Or perhaps .txt.html which could then
contain an exploit for an IE vulnerability they know your site hasn't
patched.

All I have added to my own setups is .jan.doc, .feb.doc, .mar.doc and so
on are all allowed so that monthly reports get through intact.

>the great work and thinking you have put in to make it as customizable
>as it can be?
>
>
>
>
>>On 7/12/04 1:12 pm, "Randal, Phil"
>><prandal at HEREFORDSHIRE.GOV.UK> wrote:
>>
>>>The problem is Microsoft's insane file extension hiding.
>>>Apart from being a simple exploit vector (e.g. abc.txt.exe with a
>>>default "text" icon), it also confuses end users when they create
>>>documents.  So here we see loads of xyz.doc.doc and xyz.dot.doc files
>>>flying past.
>>>
>>>I'll believe that Microsoft takes security seriously if and only if
>>>it issues patches to permanently disable that misfeature.
>>>
>>>Cheers,
>>>
>>>Phil
>>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list
>>>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
>>>>Sent: 07 December 2004 12:19
>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>Subject: Re: Double Extension Permission
>>>>
>>>>I have had the double extension rule turned off ever since you
>>>>introduced it.  People howl if I turn it on.  But I would like to
>>>>have it on if I could.
>>>>
>>>>Jeff Earickson
>>>>Colby College
>>>>
>>>>On Tue, 7 Dec 2004, Julian Field wrote:
>>>>
>>>>>Most people like this rule. Do you know the original reason I
>>>>>wrote it? Purely to demonstrate what could be done in a filename
>>>>>rule, to show that it wasn't just a list of banned extensions like
>>>>>the commercial products can do, but that it was actually a powerful
>>>>>feature which could do a whole lot more.
>>>>>
>>>>>To my surprise, everyone went with it. I guess it is rather useful
>>>>>to most sites. But if you don't like it then change it. It's staying
>>>>>in the default rules for the reason I wrote it in the first place.
>>>>>That's why none of this stuff is hard-coded, you adapt MailScanner
>>>>>to your site, not the other way round (talk to a SAP user about
>>>>>that!).
>>>>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
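The policy Julian describes in the message above (allow .xxx.xxx, allow the .jan.doc ... .dec.doc monthly reports, deny any other .xxx.yyy as possible extension hiding), written out as an added Python illustration. This is example code, not MailScanner's own filename.rules.conf syntax or implementation; the month list is taken from the message, while the (tar, gz) allowance, the exact regex bounds and the Explorer display helper are assumptions for a hypothetical site.

```python
"""Illustration of a double-extension attachment filename rule.

Added example, not MailScanner's own rule file or code.  The month
allowances follow the message above; (tar, gz) is an assumed site-local
exception, and the regex bounds are this example's own choice.
"""
import re

# A "double extension": a short inner extension immediately followed by the
# real (outer) extension at the end of the name, e.g. readme.txt.doc.
# Inner: a letter plus 1-3 alphanumerics; outer: 2-4 alphanumerics.
DOUBLE_EXT = re.compile(r"\.([a-z][a-z0-9]{1,3})\s*\.([a-z0-9]{2,4})$",
                        re.IGNORECASE)

# Explicit exceptions, in the spirit of the .jan.doc ... .dec.doc allowances
# in the message.  (tar, gz) is an assumed site-local addition.
MONTHS = ("jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec")
ALLOWED_PAIRS = {(m, "doc") for m in MONTHS} | {("tar", "gz")}


def classify(filename):
    """Return ("allow" | "deny", reason) for an attachment filename.

    Policy, as described in the thread:
      * names without a double extension pass;
      * repeated extensions (.doc.doc) pass;
      * pairs on the explicit allow list pass;
      * any other .xxx.yyy is denied as possible extension hiding.
    """
    name = filename.strip().lower()
    m = DOUBLE_EXT.search(name)
    if m is None:
        return ("allow", "no double extension")
    inner, outer = m.group(1), m.group(2)
    if inner == outer:
        return ("allow", "repeated extension .%s.%s" % (inner, outer))
    if (inner, outer) in ALLOWED_PAIRS:
        return ("allow", "explicitly allowed pair .%s.%s" % (inner, outer))
    return ("deny", "inner .%s may disguise real type .%s" % (inner, outer))


def explorer_display_name(filename):
    """Approximate what Windows Explorer shows with 'Hide extensions for
    known file types' enabled: the final extension is dropped, so
    abc.txt.exe is listed as abc.txt.  (Assumption: the last extension
    is a registered file type; unregistered ones would stay visible.)"""
    base, dot, _ext = filename.rpartition(".")
    return base if dot and base else filename


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real mail.
    samples = ("report.doc.doc", "report.dot.doc", "readme.txt.doc",
               "sales.jan.doc", "abc.txt.exe", "page.txt.html",
               "notes.txt", "backup.tar.gz")
    for f in samples:
        verdict, why = classify(f)
        print("%-16s shown as %-12s -> %-5s (%s)"
              % (f, explorer_display_name(f), verdict, why))
```

Two caveats a practitioner should keep in mind. First, the rule matches on the claimed name only: report.txt.doc is caught, but a file named report.doc that is really an executable is not, so this complements rather than replaces content inspection. Second, the pattern is deliberately broad, so names with a short word before the last dot (my.file.doc, backup.tar.gz) are flagged as well; that is why sites end up adding exceptions, as the message does for monthly reports, or turning the rule off altogether.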
