Question regarding Filename Rules

Alex Neuman van der Hans alex at nkpanama.com
Tue Apr 19 15:17:04 IST 2005


The only problem with the double extension rule I've seen so far is that
when you get files named "Dr. Bla. Blableble.doc" with several periods in
the filename, they get rejected. I've added the extensions I *do* want to
allow through before the double extension rule so that they don't get
blocked. That should be enough as long as it's not an executable extension
like .EXE, .PIF, .SCR and others like them.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Roger Jochem
Sent: Tuesday, April 19, 2005 9:07 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Question regarding Filename Rules

I was saved from some infections in the last year thanks to that rule in
MailScanner. 5 or 6 times last year this function stopped new viruses
way before McAfee, Clamav and BitDefender on my server. In some of these
cases, the first antivirus was 4 hours late in the detection, and all this
time I would be vulnerable if this was turned off...

I use this argument (that's true) all the time with my users when they
complain about this, and it's working!

Regards

Roger Jochem


----- Original Message -----
From: "Rob Poe" <rpoe at PLATTESHERIFF.ORG>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Tuesday, April 19, 2005 11:01 AM
Subject: Question regarding Filename Rules


> I have a client who is requesting that I remove the double extension rule.
> They are getting files (jokes, at that!) with .htm.html extensions (along
> with other things) and they want the double extension rule removed.
>
> I think this is a bad idea, can anyone give me a better argument than
> "Because I said" to leave it in place?
>
> What are the chances of them being MORE at risk for infection?
>
> Thanks!
>
> Rob
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
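
Added example, not part of the original thread and not MailScanner's own code: a simplified first-match model of the ordering described in the top message, where allow rules for wanted extensions sit before the double extension deny rule. The `DOUBLE_EXT` pattern, the function names and every sample filename are assumptions constructed for illustration.

```python
import re

# Hypothetical double-extension pattern (an assumption, not the shipped rule):
# a 3-4 character extension directly followed by another one at the end.
DOUBLE_EXT = r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3,4}$"


def build_rules(allowed_exts):
    """Allow-listed extensions first, then the double-extension deny,
    then a catch-all allow. Order matters: the first match wins."""
    rules = [("allow", r"\.%s$" % re.escape(ext)) for ext in allowed_exts]
    rules.append(("deny", DOUBLE_EXT))
    rules.append(("allow", r""))  # empty pattern matches every filename
    return rules


def check(filename, rules):
    """Return the action of the first rule whose pattern matches."""
    for action, pattern in rules:
        if re.search(pattern, filename, re.IGNORECASE):
            return action
    return "allow"


def compare(filenames):
    """Evaluate each name under three rule sets and return the verdicts."""
    rule_sets = {
        "no_allow_list": build_rules([]),
        "doc_html_allowed": build_rules(["doc", "html"]),
        # The caveat from the thread: an executable extension on the
        # allow list short-circuits the double-extension check.
        "scr_also_allowed": build_rules(["doc", "html", "scr"]),
    }
    return {
        name: {label: check(name, rules) for label, rules in rule_sets.items()}
        for name in filenames
    }


# Constructed sample filenames, not taken from real mail.
SAMPLES = ["Dr.Bla.doc", "joke.htm.html", "invoice.doc.exe",
           "holiday.jpg.scr", "notes.txt"]

if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES).items():
        print(f"{name:18} {verdicts}")
```

With only .doc and .html allowed, the multi-period document and the .htm.html file pass while the names ending in .exe and .scr are still denied; adding .scr to the allow list lets the .jpg.scr name through.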
