On Monday 08 March 2004 6:12 pm, John Jolet wrote:
> This brings up an interesting point. I've never seen a legitimate file on
> a windows box with two or more 3-character extensions. Would it be a bad
> assumption to make?
Yes, because not everyone uses Windows :) and things like filename.tar.rpm are
common in the Unix world, also even Windows users are known to use filenames
such as accounts.jan.xls
I've never understood the point of blocking twin-extension filenames, however.
It's only the final extension that you need to block, because that's what
Windows is going to look at and decide what to do with the file.
If someone sends a file called sexypicture.gif.exe in the hopes that the user
receiving it will see sexypicture.gif (because Microsoft apps helpfully hide
the file extension), click on it, and end up executing a .exe when they
expected to view a .gif, the important aspect from a filtering point of view
is that it ended in .exe - the fact that just preceding it was .gif is
neither here nor there.
Therefore I think (1) there are plenty of legitimate twin-3-letter extensioned
files around, and (2) there's no reason to look at anything other than the
final extension anyway, if you're bothered about what Windows apps are going
to do with something.
Regards,
Antony.
--
This email was created using 100% recycled electrons.
Please reply to the list;
please don't CC me.
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
