Page 1 of 1

Overzealous double extension filter

Posted: 25 Jan 2019 08:51
by BOOZy
Hi All,

I often see emails being blocked that trigger the double extension filter that a human viewer can instantly recognize as a false positive.
For example: 'itinerary j.doe.pdf' will get filtered.
Since both '.doe' and '.pdf' are safe extensions this shouldn't happen.

I have manually added a few common exceptions already (like .docx.pdf, since people often convert Word documents to PDF) but obviously I can't make exceptions for every possible variation.

Re: Overzealous double extension filter

Posted: 25 Jan 2019 10:02
by henk
Since both '.doe' and '.pdf' are safe extensions this shouldn't happen. a human viewer can instantly recognize as a false positive
The human factor is not the best factor to detect false positives.Security awareness and users.. :doh: :drool: :shock:
As there are a zillion posts about embedded code in pdf's, just take a look at one, to get the idea.
https://www.vmray.com/cyber-security-bl ... -document/

Re: Overzealous double extension filter

Posted: 25 Jan 2019 16:53
by thewomble
I agree with henk, anything here with a double extension should beblocked, and is blocked here.

When I first "turned it on" I got some pain, now I cannot rememeber the last time anybody complained about it.