[Esa-l]Double Extensions
John Hardin
jhardin at impsec.org
Wed May 23 19:27:46 PDT 2001
On 23 May 2001 11:35:58 -0500, Michael Masse wrote:
> Hello,
> I'm curious as to whether I'd be making our system more vulnerable by
> removing the portion in the scanner to block filenames with double extentions.
> We will still block all vbs, scr, etc... We do not scan for macros, nor
> do we mangle filenames on .doc or .xls.
Double-extensions with wildcards in the last position are probably
overkill, since they're really there to deal with *.*.exe when you're
not poisoning all .exe's (or all .vbs, .pif, .scr, etcetera).
You might want to change it to:
*.*.exe
*.*.com
and whatever other executable extensions you are not completely
poisoning.
--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin at wolfenet.com pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
More information about the esd-l
mailing list