Overzealous double extension filter

Report bugs and workarounds
Post Reply
User avatar
BOOZy
Posts: 39
Joined: 04 Oct 2017 13:17

Overzealous double extension filter

Post by BOOZy »

Hi All,

I often see emails being blocked that trigger the double extension filter that a human viewer can instantly recognize as a false positive.
For example: 'itinerary j.doe.pdf' will get filtered.
Since both '.doe' and '.pdf' are safe extensions this shouldn't happen.

I have manually added a few common exceptions already (like .docx.pdf, since people often convert Word documents to PDF) but obviously I can't make exceptions for every possible variation.
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Overzealous double extension filter

Post by henk »

Since both '.doe' and '.pdf' are safe extensions this shouldn't happen. a human viewer can instantly recognize as a false positive
The human factor is not the best factor to detect false positives.Security awareness and users.. :doh: :drool: :shock:
As there are a zillion posts about embedded code in pdf's, just take a look at one, to get the idea.
https://www.vmray.com/cyber-security-bl ... -document/
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
thewomble
Posts: 50
Joined: 17 Jan 2017 12:52

Re: Overzealous double extension filter

Post by thewomble »

I agree with henk, anything here with a double extension should beblocked, and is blocked here.

When I first "turned it on" I got some pain, now I cannot rememeber the last time anybody complained about it.
Post Reply