Best practice

Richard Thomas richard.thomas at PSYSOLUTIONS.COM
Thu Oct 13 22:10:18 IST 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rabellino Sergio wrote:

> Ho do you feel about  mycode.c.old or mydocs.tar.gz, or 
> mydata.20051009.txt ???
> It's hard tell anyone that he can't send a project in development to 
> someone else because there are double dotted filenames, without 
> concerning
> the real content.
> This was the start point for our discussion, then my doubt on that 
> rule. Could  be a 'better performance' rule, but there are real 
> attacks catched ONLY by that rule ?
> For now i've not found any attacks singularly catched by the 
> double-dot rule, but...
I've been wondering about this myself. I mean sure, block report.doc.exe 
and hotpic.jpg.pif but is anything really gained by blocking the 
examples listed by the previous poster? And I mean don't just do some 
handwaving about "extra security", I'd like to see a real explanation of 
the gain and preferably a couple of examples.


MIS Department      | Psychiatric Solutions Inc |Phone: +1 615 312 5787
840 Crescent Ctr Dr |                           |Fax:   +1 615 312 5711
Suite 460           +---------------------------+----------------------
Franklin, TN 37067  |Support: helpdesk at +1 615 312 5888

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list