[Esd-l] *.cv.doc trapped how?

John D. Hardin jhardin at impsec.org
Mon Mar 18 17:06:00 PST 2002 

On 18 Mar 2002, mbourque at montana.edu wrote:

> I took doc files out of the MANGLE_EXTENSIONS list so word documents
> could get through,

Office files are "special". They are scanned and subjected to the
strip/poison lists regardless of whether they are in the MANGLE list.
I'm pretty sure I mention this on the Configuration page - yell at me
if I don't... :)

This is done to permit macro scanning and poisoning without mangling,
for those who want to macro scan and/or strip/poison without mangling
those filenames.

What version of the sanitizer are you using?

Take a look at the current recommended poison list (follow the link on
the web page). There's a section that handles double-extension
filenames while excluding .doc and .xls files:

  *.[a-z][a-z].(?=[a-z0-9]+$)(?!(doc$|xls$))
  *.[a-z][a-z]\s+.(?=[a-z0-9]+$)(?!(doc$|xls$))
  *.[a-z][a-z][a-z0-9].(?=[a-z0-9]+$)(?!(doc$|xls$))
  *.[a-z][a-z][a-z0-9]\s+.(?=[a-z0-9]+$)(?!(doc$|xls$))

You might want to use these in your poison/strip lists instead of your
current double-extension rule (like *.[a-z][a-z].*), which *will*
match .doc and .xls extensions, and is likely the rule that's causing
you heartburn.

(Note to everybody: those four rules changed this weekend - if you're
not pulling the recommended poison list automatically, you should
update your double-extension rules to what is shown above.)

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
   960 days until the Presidential Election

More information about the esd-l mailing list