[Esa-l]Double Extensions

John Hardin jhardin at impsec.org
Wed May 23 19:27:46 PDT 2001

On 23 May 2001 11:35:58 -0500, Michael Masse wrote:
> Hello,
>    I'm curious as to whether I'd be making our system more vulnerable by
> removing the portion in the scanner to block filenames with double extentions.
> We will still block all vbs, scr, etc...      We do not scan for macros, nor
> do we mangle filenames on .doc or .xls.   

Double-extensions with wildcards in the last position are probably
overkill, since they're really there to deal with *.*.exe when you're
not poisoning all .exe's (or all .vbs, .pif, .scr, etcetera).

You might want to change it to:


and whatever other executable extensions you are not completely

 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79

More information about the esd-l mailing list