Overzealous double extension filter

Report bugs and workarounds
Post Reply
User avatar
BOOZy
Posts: 17
Joined: 04 Oct 2017 13:17

Overzealous double extension filter

Post by BOOZy » 25 Jan 2019 08:51

Hi All,

I often see emails being blocked that trigger the double extension filter that a human viewer can instantly recognize as a false positive.
For example: 'itinerary j.doe.pdf' will get filtered.
Since both '.doe' and '.pdf' are safe extensions this shouldn't happen.

I have manually added a few common exceptions already (like .docx.pdf, since people often convert Word documents to PDF) but obviously I can't make exceptions for every possible variation.

henk
Posts: 290
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Overzealous double extension filter

Post by henk » 25 Jan 2019 10:02

Since both '.doe' and '.pdf' are safe extensions this shouldn't happen. a human viewer can instantly recognize as a false positive
The human factor is not the best factor to detect false positives.Security awareness and users.. :doh: :drool: :shock:
As there are a zillion posts about embedded code in pdf's, just take a look at one, to get the idea.
https://www.vmray.com/cyber-security-bl ... -document/

thewomble
Posts: 41
Joined: 17 Jan 2017 12:52

Re: Overzealous double extension filter

Post by thewomble » 25 Jan 2019 16:53

I agree with henk, anything here with a double extension should beblocked, and is blocked here.

When I first "turned it on" I got some pain, now I cannot rememeber the last time anybody complained about it.

Post Reply