<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>Filename.rules.conf - CLSID false positive</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Has anyone else encountered any false positives with this filename rule? </FONT>
</P>
<P><FONT SIZE=2># Deny filenames ending with CLSID's</FONT>
<BR><FONT SIZE=2>deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type Files containing CLSID's are trying to hide their real type</FONT></P>
<BR>
<P><FONT SIZE=2>I have a vendor who sends PDF files that look like:</FONT>
</P>
<P> <FONT SIZE=2>138139_{8B5AC3AF-BE17-4A06-BB98-790FA5C00C9B}.pdf</FONT>
</P>
<P><FONT SIZE=2>I researched the CLSID vulnerability and it seems that it is only effective when tagged at the end of the filename, after the extension. I am considering revising this regex to something like:</FONT></P>
<P><FONT SIZE=2>\{[a-hA-H0-9-]{25,}\}$</FONT>
</P>
<P><FONT SIZE=2>Does anyone see any danger in this change? </FONT>
</P>
<P><FONT SIZE=2>Thanks</FONT>
</P>
<P><FONT SIZE=2>Jason</FONT>
</P>
</BODY>
</HTML>
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk
For further info about MailScanner, please see the Most Asked
Questions at http://www.mailscanner.biz/maq/ and the archives
at http://www.jiscmail.ac.uk/lists/mailscanner.html