Date: Tue, 4 Dec 2001 20:20:29 -0600
From: Alfred Perlstein
To: Len Conrad, freebsd-security@freebsd.org, jmb@freebsd.org
Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!!
Message-ID: <20011204202029.F92148@elvis.mu.org>

* Anthony Kim [011204 20:16] wrote:
> On Tue, Dec 04, 2001, Alfred Perlstein wrote:
>
> > Blocking double extensions is a real pain because people may
> > elect to send .gz or .bz2 or a myriad of other legit formats.
> > I guess in the face of this obnoxious plague it may make sense
> > to drop all attachments that contain double suffix attachments
> > with the exception of .gz and .bz2. I know I've most likely
> > forgotten an important extension, but we can add those as the
> > need arises?
>
> and .Z
>
> You've got to consider, people send all sorts of weird filenames.
> mtr.c.patch or ncurses.ru.uu or bill_me.c.diff or
> BSD.include.dist - you get the idea.
>
> At work we focus on the AV recommended most wanted, .pif, .exe.,
> .vbs, .scr, .shs, but this list is getting longer and longer :(

It's always better to have a:

permit: .uu .bz2 .gz .Z
deny: *

than the opposite, if someone complains then we'll let them through,
part of the reason that all these problems occur is that there's so
many goddamn formats that exist for microsofty clients that will
screw them over that people forget to block them all.

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
http://www.morons.org/rants/gpl-harmful.php3
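The permit-list/default-deny rule from the message above, sketched as an added example that is not part of the original post or of any FreeBSD list software. It assumes the rule applies only to attachment names with two or more suffixes and that the final suffix is matched case-insensitively; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Final suffixes permitted on multi-suffix names (the permit list from the message).
PERMIT = {".uu", ".bz2", ".gz", ".z"}

def suffixes(filename):
    """Return the normalised dot-suffixes of an attachment name."""
    # Drop any path the sender supplied, then trailing spaces and dots:
    # Windows treats "a.jpg.exe." as "a.jpg.exe".
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(" .")
    parts = name.lstrip(".").split(".")
    return ["." + p.casefold() for p in parts[1:] if p]

def verdict(filename):
    """Default-deny for double-suffix names; anything not permitted is dropped."""
    sfx = suffixes(filename)
    if len(sfx) < 2:
        return "unchecked"  # assumption: single-suffix names are outside this rule
    return "permit" if sfx[-1] in PERMIT else "deny"

def scan(raw_bytes):
    """Map every named MIME part in a raw message to its verdict."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return {n: verdict(n) for n in names}

def sample_message():
    """Constructed test message; the first two names are quoted in the thread."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("mtr.c.patch", "ncurses.ru.uu", "src.tar.GZ",
                 "notes.txt.pif", "photo.jpg.exe."):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, result in scan(sample_message()).items():
        print(f"{result:9} {name}")
```

Under this rule mtr.c.patch is dropped until someone complains and .patch is added to the permit list, which is the trade-off the message accepts.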