CLSID matching

Rick Cooper rcooper at
Thu Mar 2 17:02:13 GMT 2006

> -----Original Message-----
> From: mailscanner-bounces at
> [mailto:mailscanner-bounces at]On Behalf Of
> hermit921
> Sent: Thursday, March 02, 2006 11:47 AM
> To: MailScanner discussion
> Subject: Re: CLSID matching
> I was looking in the filenames file at the CLSID line.  Doesn't
> this match
> any file name containing that 25 character string in {}, not just
> ending in
> that string?
> hermit921
> # Deny filenames ending with CLSID's
> deny	\{[a-hA-H0-9-]{25,}\}	Filename trying to hide its real
> type				Files
> containing  CLSID's are trying to hide their real type

Technically yes, but I cannot imagine someone naming a file with:

anywhere in the file name,but it should be  deny \.\{[a-hA-H0-9-]{25,}\}$
for the vulernability to work (IIRC)


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list