anomy-list

RE: File exclusion question : Somecompany.com.doc

From: Peter Mueller (112501@xyz.molar.is)
Date: Wed 28 Jan 2004 - 20:22:31 GMT

  • Next message: Kevin Shanahan: "RE: File exclusion question : Somecompany.com.doc"

    > http://www.clearswift.com/support/threatlab/do> cs/extensionthreats.aspx
    >
    > Thanks for the tip, I didn't know about that.

    Ready-to-fire ammo, thank you very much! These links would be good to see
    in documentation. If I knew more about how Anomy works I'd be happy to
    write some up..

    > To the original poster then, I suggest just adding the "\s*$"
    > to the end
    > of file_list_2. Then your first rule will still catch
    > dangerous "middle
    > extensions".

    So something like..

    # Outlook Calender appointments
    file_list_2 += |ics
    # Source code:
    file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
    # Allow documents with some silly extensions through, e.g.
    Somecompany.com.doc
    File_list_2 += |\s*$
    file_list_2_policy = accept
    file_list_2_scanner = 0

    > Perhaps it's then also worthwhile to add a double and/or triple
    > extension rule.

    File_list_2 += |\s*$\s*$\s*$ ?

    (I hope if I got that wrong at least it made someone smile ;-)

    Cheers all, thnx

    P



    hosted by molar.is