Best practice

Rick Cooper rcooper at DWFORD.COM
Fri Oct 14 12:02:50 IST 2005


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: Friday, October 14, 2005 3:24 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Best practice
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> On 13 Oct 2005, at 18:18, Rick Cooper wrote:
>
> >> -----Original Message-----
> >> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> >> Behalf Of Leif Neland
> >> Sent: Thursday, October 13, 2005 8:41 AM
> >> To: MAILSCANNER at JISCMAIL.AC.UK
> >> Subject: Re: Best practice
> >>
> >>
> >> From: "Rick Cooper" <rcooper at DWFORD.COM>
> >> To: <MAILSCANNER at JISCMAIL.AC.UK>
> >> Sent: Thursday, October 13, 2005 3:03 PM
> >> Subject: Re: Best practice
> >>
<snip>

> > That has to do with an old vulnerability wherein you could place an
> > incorrect ending suffix such as txt to an executable and it would
> > fire off rather than use notepad because it was aware of the actual
> > file type. I don't think it really exists anymore. The normal double
> > filter would catch something ending some.exe later down the
> > expressions.
>
> There certainly was a vulnerability whereby if you had 3 extensions,
> and the 3rd one started at the 256th character in the filename then
> it would use the 2nd one. Something like that, but that is why I put
> in the "long filename" and "lots of spaces" rules.
> I never saw any patch which definitely said they had fixed it, so the
> rules have stayed.
>

I agree with keeping them as is. As the developer you have no idea what
kinds of hardware and software people are using, and if someone is
comfortable removing something that doesn't apply to their situation, fine.
Heck, I still had Windows 95 based boxes in three locations until last year!
They were vendor supplied for a cataloging program and we had no choice
about it. I think the fact that you add new checks and leave old is the
*perfect* way to do it.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
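The thread talks about three kinds of attachment-name check: a "long filename" rule (Julian's defence against the bug where an extension beginning around the 256th character was ignored in favour of the one before it), a "lots of spaces" rule (whitespace used to push the real extension out of view), and the ordinary double-extension filter Rick mentions. The following is an added illustration of how such rules can be expressed and tested; it is not code from this thread and not MailScanner's own filename.rules.conf. The rule names echo the thread, but the thresholds, the regular expressions and the sample attachment names are this example's own assumptions.

```python
import re
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    name: str
    pattern: re.Pattern


# Constructed rules in the spirit of the checks discussed in the thread.
# Thresholds and patterns are this example's own assumptions, not the
# contents of MailScanner's shipped filename.rules.conf.
RULES = [
    # Very long attachment names. The thread describes a bug where an
    # extension starting near the 256th character was ignored in favour of
    # the one before it, so refuse names long enough to get near that region.
    Rule("long filename", re.compile(r"^.{150,}$", re.S)),
    # A harmless-looking extension, a run of whitespace to push the real
    # one out of view, then the real extension at the very end of the name.
    Rule("lots of spaces",
         re.compile(r"\.[a-z0-9]{2,4}\s{5,}\.[a-z0-9]{2,4}$", re.I)),
    # Document-style extension immediately followed by an executable one.
    Rule("double extension",
         re.compile(r"\.(?:txt|doc|pdf|jpg|gif|htm|html)"
                    r"\.(?:exe|com|scr|pif|bat|cmd|vbs|js)$", re.I)),
]


def check_filename(name: str) -> Optional[str]:
    """Return the name of the first rule the filename trips, or None if clean.

    Rules are tried in list order, so a name that is both over-long and
    padded with spaces is reported under the 'long filename' rule.
    """
    for rule in RULES:
        if rule.pattern.search(name):
            return rule.name
    return None


def scan_attachments(names):
    """Map each attachment filename to 'clean' or the name of the rule it tripped."""
    return {n: (check_filename(n) or "clean") for n in names}


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real message.
    samples = [
        "quarterly_report.pdf",
        "photo.jpg.exe",
        "notes.txt" + " " * 20 + ".scr",
        # "readme.txt" is 10 characters, so after 245 spaces the real
        # extension ".exe" begins at the 256th character of the name.
        "readme.txt" + " " * 245 + ".exe",
    ]
    for name, verdict in scan_attachments(samples).items():
        shown = name[:40] + ("..." if len(name) > 40 else "")
        print(f"{verdict:17} {shown!r}")
```

Because the long-filename rule sits first, the 256th-character case is rejected on length alone before the whitespace pattern is even consulted, which is the point Julian makes about keeping an old rule even when a newer one would also catch the same name.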
