Kevin Shanahan wrote:
> On Wed, 2004-01-28 at 08:12, Peter Mueller wrote:
>
>>"Somecompany.com.doc" got DEFANGED. I want to allow it through. What would
>>I have to change?
>
> ...
>
>>file_list_1 += |url|exe|ws[cfh]|ops|com|prx))\s*
>
> ...
>
>>file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
>
>
> I suggest ending both file list regex with \s*$ to make sure you're
> matching against the end of the file name.
>
If the recipients use MS Outlook or Outlook Express, it's dangerous to
filter attachments based only on last file extension. See
http://www.clearswift.com/support/threatlab/docs/extensionthreats.aspx
Outlook Express in particular has a flaw where it can launch an
attachment based on the *middle* of three extensions... e.g.
".txt.exe.jpg" can be run as an executable. See
http://www.theregister.co.uk/content/56/29137.html
It's not unreasonable to ask senders to avoid multiple extensions in
attachment names (except maybe for common exceptions like .tar.gz and
.tar.bz2).