Best practice
Leif Neland
mailscanner-user at NELAND.DK
Thu Oct 13 14:40:42 IST 2005
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
From: "Rick Cooper" <rcooper at DWFORD.COM>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, October 13, 2005 3:03 PM
Subject: Re: Best practice
>
> # Allow XLS/DOC/PDF files that do not have an executable second extension
> deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.doc$
> Attempt to Hide Bad Things With DOC Extension Attempt to Hide Bad Things
> With DOC Extension - NO CIGAR!
> deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.xls$
> Attempt to Hide Bad Things With XLS Extension Attempt to Hide Bad Things
> With XLS Extension - NO CIGAR!
> deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.pdf$
> Attempt to Hide Bad Things With PDF Extension Attempt to Hide Bad Things
> With PDF Extension - NO CIGAR!
>
Haven't you got this the other way around?
There is nothing harmful with a filename.bat.doc
On the other hand, filename.doc.bat might be dangerous.
Leif
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list