# poison double-extension filenames, used to hide executables
# this file can be updated from http://www.impsec.org/email-tools/poison-doubleext.san
# $Id$

*.[a-z][a-z].(bat|cmd|com|dll|exe|scr|pif|ocx|vb[a-z])		P
*.[a-z][a-z][a-z0-9].(bat|cmd|com|dll|exe|scr|pif|ocx|vb[a-z])	P

# include embedded-whitespace variants
*.[a-z][a-z]\s+.(bat|cmd|com|dll|exe|scr|pif|ocx|vb[a-z])		P
*.[a-z][a-z][a-z0-9]\s+.(bat|cmd|com|dll|exe|scr|pif|ocx|vb[a-z])	P
*.[a-z][a-z]\s+[\sa-z0-9]+.(bat|cmd|com|dll|exe|scr|pif|ocx|vb[a-z])		P
*.[a-z][a-z][a-z0-9]\s+[\sa-z0-9]+.(bat|cmd|com|dll|exe|scr|pif|ocx|vb[a-z])	P