> http://www.clearswift.com/support/threatlab/docs/extensionthreats.aspx
>
> Thanks for the tip, I didn't know about that.
Ready-to-fire ammo, thank you very much! These links would be good to see
in documentation. If I knew more about how Anomy works I'd be happy to
write some up..
> To the original poster then, I suggest just adding the "\s*$" to the end
> of file_list_2. Then your first rule will still catch dangerous "middle
> extensions".
So something like..
# Outlook Calendar appointments
file_list_2 += |ics
# Source code:
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
# Allow documents with some silly extensions through, e.g.
# Somecompany.com.doc
file_list_2 += |\s*$
file_list_2_policy = accept
file_list_2_scanner = 0
> Perhaps it's then also worthwhile to add a double and/or triple
> extension rule.
file_list_2 += |\s*$\s*$\s*$ ?
(I hope if I got that wrong at least it made someone smile ;-)
Cheers all, thnx
P