Best practice

Rabellino Sergio rabellino at DI.UNITO.IT
Fri Oct 14 11:23:19 IST 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:

>On 13 Oct 2005, at 22:10, Richard Thomas wrote:
>>Rabellino Sergio wrote:
>>>Ho do you feel about  mycode.c.old or mydocs.tar.gz, or mydata. 
>>>20051009.txt ???
>>>It's hard tell anyone that he can't send a project in development  
>>>to someone else because there are double dotted filenames, without  
>>>the real content.
>>>This was the start point for our discussion, then my doubt on that  
>>>rule. Could  be a 'better performance' rule, but there are real  
>>>attacks catched ONLY by that rule ?
>>>For now i've not found any attacks singularly catched by the  
>>>double-dot rule, but...
>>I've been wondering about this myself. I mean sure, block  
>>report.doc.exe and hotpic.jpg.pif but is anything really gained by  
>>blocking the examples listed by the previous poster? And I mean  
>>don't just do some handwaving about "extra security", I'd like to  
>>see a real explanation of the gain and preferably a couple of  
>Please remember that no-one is forcing any of this on you. Don't like  
>them? Don't use them. The default rules are the ones I felt were  
>worth having, some based on my own experience and some based on  
>Microsoft's own lists of such things.
>I wrote the double-extension trap rule as an example of what you  
>could do with my rules system, rather than the simple extension- 
>blockers provided with any of the commercial alternatives. It has  
>turned out be rather useful, and I wouldn't want to be without it.
>But if you don't see the reason for having some/all of the rules,  
>just delete them. This whole conversation has become a bit pointless  
>and circular, in my opinion.
I was 'out of the window' to see all the opinions, to better understand 
all the various ideas around.
Remember Julian that for many users  your example or suggestion wired in 
the standard configuration,would be the best thing to do, so
a careful selection must be done.
Probably the double dot rule must be listed as usually, but a bit of 
criticism on the past choices would lead to a better comprehension of MS.

Thanks to all.

Dott. Mag. Sergio Rabellino 

 Technical Staff
 Department of Computer Science
 University of Torino (Italy)
Tel. +39-0116706701
Fax. +39-011751603

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list