From: Anthony Kim
To: Alfred Perlstein
Cc: Len Conrad, freebsd-security@freebsd.org, jmb@freebsd.org
Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!!
Date: Tue, 4 Dec 2001 20:16:54 -0600
Message-ID: <20011205021654.GA31554@boethius.telocity.com>

On Tue, Dec 04, 2001, Alfred Perlstein wrote:
> Blocking double extensions is a real pain because people may
> elect to send .gz or .bz2 or a myriad of other legit formats.
> I guess in the face of this obnoxious plague it may make sense
> to drop all attachments that contain double suffix attachments
> with the exception of .gz and .bz2. I know I've most likely
> forgotten an important extension, but we can add those as the
> need arises?

and .Z

You've got to consider, people send all sorts of weird filenames.
mtr.c.patch or ncurses.ru.uu or bill_me.c.diff or BSD.include.dist - you
get the idea.

At work we focus on the AV recommended most wanted, .pif, .exe, .vbs,
.scr, .shs, but this list is getting longer and longer :(

-- 
"Le motd juste."
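
The two filtering approaches discussed in this message, compared side by side as an added example (not code from the thread's participants): the double-suffix rule with the .gz/.bz2/.Z exceptions, and the final-extension blocklist. The function names and the filenames marked constructed are assumptions, and the trailing-dot stripping models how Windows saves such names.

```python
# Added illustration; function names and "constructed" samples are assumptions.
ALLOWED_OUTER = {".gz", ".bz2", ".z"}                      # exceptions named in the thread
BLOCKED_FINAL = {".pif", ".exe", ".vbs", ".scr", ".shs"}   # "most wanted" list from the reply

def suffixes(filename):
    """Return lowercased dot-suffixes, e.g. 'a.tar.GZ' -> ['.tar', '.gz']."""
    # Trailing dots/spaces are stripped first, as Windows does when it
    # saves the file, so 'x.exe.' is still seen as ending in .exe.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    # parts[0] is the base name (empty for dotfiles); the rest are suffixes.
    return ["." + p for p in parts[1:] if p]

def double_suffix_policy(filename):
    """Quoted proposal: drop any double suffix unless the outer one is allowed."""
    s = suffixes(filename)
    if len(s) >= 2 and s[-1] not in ALLOWED_OUTER:
        return "drop"
    return "pass"

def blocklist_policy(filename):
    """Reply's practice: drop only when the final suffix is on the blocklist."""
    s = suffixes(filename)
    if s and s[-1] in BLOCKED_FINAL:
        return "drop"
    return "pass"

SAMPLES = [
    "mtr.c.patch", "ncurses.ru.uu", "bill_me.c.diff", "BSD.include.dist",  # from the reply
    "src.tar.gz", "notes.txt.Z",          # constructed: allowed compressed files
    "invoice.doc.pif", "photo.jpg.EXE.",  # constructed: disguised executables
    "setup.exe",                          # constructed: single blocked suffix
]

def compare(names=SAMPLES):
    """Map each filename to (double-suffix verdict, blocklist verdict)."""
    return {n: (double_suffix_policy(n), blocklist_policy(n)) for n in names}

if __name__ == "__main__":
    for name, (dbl, blk) in compare().items():
        print(f"{name:20} double-suffix={dbl:5} blocklist={blk}")
```

The legitimate filenames from the reply are all dropped by the double-suffix rule and passed by the blocklist, while a plain `setup.exe` is caught only by the blocklist.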