[Esd-l] *.cv.doc trapped how?

Mark_Saunders Mark_Saunders at piucorp.com
Tue Mar 19 06:56:01 PST 2002 

I believe that you have an entry in your MANGLED line something like this:
\{[0-9a-f+\}
I believe this is the guy that grabs double extension filenames.
If you remove this entry, the double-extension filenames should pass
through.
Personally, I like the feature...there are just too many unknowns out
there.

"John D. Hardin" wrote:

> On 18 Mar 2002, mbourque at montana.edu wrote:
>
> > I took doc files out of the MANGLE_EXTENSIONS list so word documents
> > could get through,
>
> Office files are "special". They are scanned and subjected to the
> strip/poison lists regardless of whether they are in the MANGLE list.
> I'm pretty sure I mention this on the Configuration page - yell at me
> if I don't... :)
>
> This is done to permit macro scanning and poisoning without mangling,
> for those who want to macro scan and/or strip/poison without mangling
> those filenames.
>
> What version of the sanitizer are you using?
>
> Take a look at the current recommended poison list (follow the link on
> the web page). There's a section that handles double-extension
> filenames while excluding .doc and .xls files:
>
>   *.[a-z][a-z].(?=[a-z0-9]+$)(?!(doc$|xls$))
>   *.[a-z][a-z]\s+.(?=[a-z0-9]+$)(?!(doc$|xls$))
>   *.[a-z][a-z][a-z0-9].(?=[a-z0-9]+$)(?!(doc$|xls$))
>   *.[a-z][a-z][a-z0-9]\s+.(?=[a-z0-9]+$)(?!(doc$|xls$))
>
> You might want to use these in your poison/strip lists instead of your
> current double-extension rule (like *.[a-z][a-z].*), which *will*
> match .doc and .xls extensions, and is likely the rule that's causing
> you heartburn.
>
> (Note to everybody: those four rules changed this weekend - if you're
> not pulling the recommended poison list automatically, you should
> update your double-extension rules to what is shown above.)
>
> --
>  John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
>  jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   In 1998 more than three times as many people in the US were killed
>   by incompetent physicians than were killed by handguns, yet the
>   President of the A.M.A. is adopting "gun safety" as his platform.
> -----------------------------------------------------------------------
>    960 days until the Presidential Election
> _______________________________________________
> Esd-l mailing list
> Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l

--
mv $win /dev/null

More information about the esd-l mailing list