On Tue, 2001-12-04 at 23:05, Dave C. wrote:
>
> I am aware of the Generic Executable Filter that Nigel has published.
>
> I'm wondering if anyone has written or attempted to write a filter which
> only blocks attachments disguised with two extensions, where the second
> (hidden) extension is an executable one (eg xxxxx.gif.exe or
> xxxxx.doc.pif)
Modify the regexp to have something like \.[A-Z0-9]{1,3} ahead of the
extension. [you will need to modify the \ quoting to work in that
filter.
Note this will then ignore the latest and not so greatest varient which
just uses gone.scr as the name.
> We are an ISP, and cant quite block all executable content outright, but
> I can't think of too many cases where a legit attachment would have two
> extensions with the second as a windows-executable one..
Policy is obviously up to you.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
%20extension%20is%20an%20executable%20one%20(eg%20xxxxx.gif.exe%20or%0A>%20>%20xxxxx.doc.pif)%0A>%20%0A>%20Modify%20the%20regexp%20to%20have%20something%20like%20%5C.%5BA-Z0-9%5D%7B1,3%7D%20ahead%20of%20the%0A>%20extension.%20%20%5Byou%20will%20need%20to%20modify%20the%20%5C%20quoting%20to%20work%20in%20that%0A>%20filter.%0A>%20%0A>%20Note%20this%20will%20then%20ignore%20the%20latest%20and%20not%20so%20greatest%20varient%20which%0A>%20just%20uses%20gone.scr%20as%20the%20name.%0A>%20%0A>%20>%20We%20are%20an%20ISP,%20and%20cant%20quite%20block%20all%20executable%20content%20outright,%20but%0A>%20>%20I%20can't%20think%20of%20too%20many%20cases%20where%20a%20legit%20attachment%20would%20have%20two%0A>%20>%20extensions%20with%20the%20second%20as%20a%20windows-executable%20one..%0A>%20%0A>%20Policy%20is%20obviously%20up%20to%20you.%0A>%20%0A>%20%0A>%20%0A>%20%0A>%20 "Reply to this message")
