From: Anthony Schneider
To: Anthony Kim
Cc: Alfred Perlstein, Len Conrad, freebsd-security@FreeBSD.ORG, jmb@FreeBSD.ORG
Date: Tue, 4 Dec 2001 22:47:45 -0500
Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!!
Message-ID: <20011204224745.A80613@mail.slc.edu>

It couldn't hurt to block out double extensions and simply make that
public. There's little load wasted on spotting a double extension,
replying to the sender that double extensions are not allowed, and
waiting for the sender to resend without the double extension. Same
goes with bandwidth. Plus, how many attachments with double extensions
are actually posted to freebsd-security? I've seen very few, personally.

-Anthony.

On Tue, Dec 04, 2001 at 08:16:54PM -0600, Anthony Kim wrote:
> On Tue, Dec 04, 2001, Alfred Perlstein wrote:
>
> > Blocking double extensions is a real pain because people may
> > elect to send .gz or .bz2 or a myriad of other legit formats.
> > I guess in the face of this obnoxious plague it may make sense
> > to drop all attachments that contain double suffix attachments
> > with the exception of .gz and .bz2. I know I've most likely
> > forgotten an important extension, but we can add those as the
> > need arises?
>
> and .Z
>
> You've got to consider, people send all sorts of weird filenames.
> mtr.c.patch or ncurses.ru.uu or bill_me.c.diff or
> BSD.include.dist - you get the idea.
>
> At work we focus on the AV recommended most wanted, .pif, .exe,
> .vbs, .scr, .shs, but this list is getting longer and longer :(
> --
> "Le motd juste."
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
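
Added example (not part of the original message, and not code from the FreeBSD list software): the two filtering policies discussed in this thread, run side by side over the filenames the posters mention, to show which legitimate names the double-suffix rule would bounce. The function names, the sample message and the two worm-style filenames are constructed for illustration; only the suffix lists come from the thread.

```python
import email
from email.message import EmailMessage

# Suffix lists as given in the thread; all names below are assumptions of this example.
COMPRESS_OK = {".gz", ".bz2", ".z"}                    # exceptions proposed in the thread
EXECUTABLE = {".pif", ".exe", ".vbs", ".scr", ".shs"}  # the "AV most wanted" list

def suffixes(filename):
    """Lower-cased suffixes of a filename; trailing dots and spaces are dropped first
    so a padded name is compared on its real final suffix."""
    name = filename.strip().rstrip(". ").lower()
    return ["." + p for p in name.split(".")[1:] if p]

def double_suffix_rule(filename):
    """Reject two or more suffixes unless the last one is a compression suffix."""
    s = suffixes(filename)
    return len(s) >= 2 and s[-1] not in COMPRESS_OK

def executable_rule(filename):
    """Reject only when the final suffix is on the executable list."""
    s = suffixes(filename)
    return bool(s) and s[-1] in EXECUTABLE

def scan(raw_bytes, rule):
    """Return the attachment filenames in a MIME message that `rule` rejects."""
    msg = email.message_from_bytes(raw_bytes)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return [n for n in names if rule(n)]

def sample_message():
    """Constructed message: filenames named in the thread, one compressed
    tarball, and two constructed worm-style names."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    for name in ["mtr.c.patch", "ncurses.ru.uu", "bill_me.c.diff", "BSD.include.dist",
                 "src.tar.gz", "notes.txt.PIF", "photo.jpg.scr."]:
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    raw = sample_message()
    print("double-suffix rule rejects:", scan(raw, double_suffix_rule))
    print("executable rule rejects:   ", scan(raw, executable_rule))
```

The double-suffix rule rejects every patch and diff name from the thread along with the two constructed executables, while the executable list rejects only the latter but has to be extended whenever a new suffix appears.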