Hi All,
I often see emails being blocked that trigger the double extension filter that a human viewer can instantly recognize as a false positive.
For example: 'itinerary j.doe.pdf' will get filtered.
Since both '.doe' and '.pdf' are safe extensions this shouldn't happen.
I have manually added a few common exceptions already (like .docx.pdf, since people often convert Word documents to PDF) but obviously I can't make exceptions for every possible variation.
Overzealous double extension filter
Re: Overzealous double extension filter
The human factor is not the best factor to detect false positives.Security awareness and users..Since both '.doe' and '.pdf' are safe extensions this shouldn't happen. a human viewer can instantly recognize as a false positive
As there are a zillion posts about embedded code in pdf's, just take a look at one, to get the idea.
https://www.vmray.com/cyber-security-bl ... -document/
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: Overzealous double extension filter
I agree with henk, anything here with a double extension should beblocked, and is blocked here.
When I first "turned it on" I got some pain, now I cannot rememeber the last time anybody complained about it.
When I first "turned it on" I got some pain, now I cannot rememeber the last time anybody complained about it.