Double Extension Permission
Alex Neuman van der Hans
alex at nkpanama.com
Tue Dec 7 23:40:20 GMT 2004
I usually just allow .doc, .exe, etc. at the top, so those get through fine.
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Tuesday, December 07, 2004 10:34 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Double Extension Permission
Anders Andersson, IT wrote:
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: Tuesday, December 07, 2004 2:59 PM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: Double Extension Permission
>>
>>I allow .xxx.xxx type extensions, so .doc.doc is fine but .dot.doc
>>isn't.
>
>Here is where I'm confused, is there any special reason for blocking
>dot.doc or exe.doc except to "show off" ;)
>
I just used them as examples. A better one might have been txt.doc which
will display as a harmless text file, but which could actually be a Word
document with nasty embedded macros. It just takes a bit of imagination to
think up other nasties this protects you from. In general though, I think it
is quite dangerous for a file to claim to be one thing while actually being
something else. Or perhaps .txt.html which could then contain an exploit for
an IE vulnerability they know your site hasn't patched.
All I have added to my own setups is .jan.doc, .feb.doc, .mar.doc and so on
are all allowed so that monthly reports get through intact.
>the great work and thinking you have put in to make it as customizable
>as it can be?
>
>>On 7/12/04 1:12 pm, "Randal, Phil"
>><prandal at HEREFORDSHIRE.GOV.UK> wrote:
>>
>>
>>>The problem is Microsoft's insane file extension hiding.
>>>Apart from being a simple exploit vector (e.g. abc.txt.exe with a
>>>default "text" icon), it also confuses end users when they create
>>>documents. So here we see loads of xyz.doc.doc and xyz.dot.doc files
>>>flying past.
>>>
>>>I'll believe that Microsoft takes security seriously if and only if it
>>>issues patches to permanently disable that misfeature.
>>>
>>>Cheers,
>>>
>>>Phil
>>>
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list
>>>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
>>>>Sent: 07 December 2004 12:19
>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>Subject: Re: Double Extension Permission
>>>>
>>>>I have had the double extension rule turned off ever since you
>>>>introduced it. People howl if I turn it on. But I would like to
>>>>have it on if I could.
>>>>
>>>>Jeff Earickson
>>>>Colby College
>>>>
>>>>On Tue, 7 Dec 2004, Julian Field wrote:
>>>>
>>>>
>>>>
>>>>>Most people like this rule. Do you know the original reason I wrote it?
>>>>>Purely to demonstrate what could be done in a filename rule, to show
>>>>>that it wasn't just a list of banned extensions like the commercial
>>>>>products can do, but that it was actually a powerful feature which
>>>>>could do a whole lot more.
>>>>>To my surprise, everyone went with it. I guess it is rather useful to
>>>>>most sites. But if you don't like it then change it. It's staying in
>>>>>the default rules for the reason I wrote it in the first place. That's
>>>>>why none of this stuff is hard-coded, you adapt MailScanner to your
>>>>>site, not the other way round (talk to a SAP user about that!).
>>>>>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
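A defender-side illustration of the rule discussed in this thread, added here and not taken from MailScanner's own filename.rules.conf: a policy that passes single and repeated (.xxx.xxx) extensions, lets a site allow list such as .jan.doc through, and refuses any other double extension, reporting the name a user would have seen with the final extension hidden. The month list, the regex bounds and the sample names are assumptions constructed for the example.

```python
import re

# Constructed policy modelled on this thread (not MailScanner's own rules file):
#  - a single extension passes;
#  - the same extension twice (.xxx.xxx, e.g. xyz.doc.doc) passes;
#  - a site allow list (.jan.doc, .feb.doc, ...) lets monthly reports through;
#  - any other double extension (.txt.exe, .dot.doc, .txt.html) is refused,
#    because the name claims one type while the real type is another.

MONTHS = ("jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec")
# Assumption: the monthly-report exception is spelled .jan.doc, .feb.doc, ...
SITE_ALLOW = tuple(f".{m}.doc" for m in MONTHS)

# Two trailing extensions of 2-4 letters/digits each, matched case-insensitively.
DOUBLE_EXT = re.compile(r"\.([a-z][a-z0-9]{1,3})\.([a-z0-9]{2,4})$", re.I)


def displayed_name(name):
    """What the user sees when the OS hides the last extension (abc.txt.exe -> abc.txt)."""
    stem, dot, _ext = name.rpartition(".")
    return stem if dot else name


def check_filename(name):
    """Return ('allow' | 'deny', reason) for one attachment filename."""
    lower = name.lower()
    if lower.endswith(SITE_ALLOW):
        return "allow", "site exception for monthly reports"
    m = DOUBLE_EXT.search(lower)
    if m is None:
        return "allow", "single extension"
    inner, outer = m.groups()
    if inner == outer:
        return "allow", f"repeated extension .{inner}.{outer}"
    return "deny", (f"double extension: shown as '{displayed_name(name)}' "
                    f"but really a .{outer} file")


def scan(names):
    """Apply the policy to a batch of names; returns {name: verdict}."""
    return {n: check_filename(n)[0] for n in names}


if __name__ == "__main__":
    # Constructed sample names built from the examples quoted in the thread.
    for n in ("report.doc", "xyz.doc.doc", "xyz.dot.doc", "abc.txt.exe",
              "notes.txt.html", "report.jan.doc", "archive.tar.gz"):
        print(n, *check_filename(n))
```

Run on the sample names, archive.tar.gz is refused as well, which is the kind of legitimate name that prompts sites to add their own allow entries rather than switch the rule off.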