
Mailscanned double filenames

Posted: 08 Feb 2017 09:18
by gosha
Hi

I have the following lines in a config file 'filename.rules.conf'

# Custom allow filenames
allow \.xls.xlsx$ - -
allow \.xlsx.xls$ - -
allow \.LAD.PDF$ - -
allow \.lad.pdf$ - -
allow \.[a-z0-9]{3}.doc$ - -
allow \.[a-z0-9]{3}.docx$ - -
allow \.doc$ - -
allow \.docx$ - -
allow \.xls$ - -
allow \.xlsx$ - -
allow \.ddoc$ - -
allow \*.doc$ - -
allow \*.docx$ - -
allow \*.xls$ - -
allow \*.xlsx$ - -
allow \*.ddoc$ - -
allow \.[a-z0-9]{2,3}.ddoc$ - -
allow \.[a-z0-9]{2,3}.zip$ - -
allow \.[a-z0-9]{2,3}.pdf$ - -
allow \.[a-z0-9]{2,3}.doc$ - -
allow \.[a-z0-9]{2,3}.docx$ - -
allow \.[a-z0-9]{2,3}.xls$ - -
allow \.[a-z0-9]{2,3}.xlsx$ - -

# Deny all other double file extensions. This catches any hidden filenames.
deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension



But the message with attachment 38LIISINGULEPINGUnr20140870lõp.akt.doc is still being blocked. How do I allow any name with any number of any extensions that ends with doc, docx, pdf and also other extensions I will list?

Re: Mailscanned double filenames

Posted: 08 Feb 2017 12:40
by gosha
There is an even stranger problem: the message I see in the EFA interface is

MailScanner: Attempt to hide real filename extension (3201612001Koidulavõrguremont.akt.doc) ,MailScanner: Attempt to hide real filename extension (3201612001Koidulavõrguremont.akt.doc)

But the real filename was 3201612001Koidulavõrguremont.akt.bdoc (extension is BDOC, not DOC)

Re: Mailscanned double filenames

Posted: 08 Feb 2017 13:07
by gosha
I found more interesting stuff. BDOC is an archive, but it contains a file with the name something.akt.doc, and this name is being blocked.

Re: Mailscanned double filenames

Posted: 08 Feb 2017 22:21
by gosha
I found the file "archives.filename.rules.conf", where the allow lines needed to be added. Resolved.
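
An added illustration of the resolution above (not part of the original posts and not MailScanner's own code): the attachment name is checked against one rule list and the names inside an archive against a separate one, so an allow line has to be present in both. It assumes first-match-wins, case-insensitive matching and that an unmatched name passes; the two archive rule lists are constructed stand-ins for archives.filename.rules.conf before and after the change.

```python
import re

# Rule lines copied from the first post (whitespace-separated here).
ALLOW_DOC = r"allow \.[a-z0-9]{3}.doc$ - -"
DENY_DOUBLE = (r"deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ "
               "Found possible filename hiding "
               "Attempt to hide real filename extension")

TOP_RULES = [ALLOW_DOC, DENY_DOUBLE]        # filename.rules.conf (subset)
ARCHIVE_BEFORE = [DENY_DOUBLE]              # constructed: no allow lines yet
ARCHIVE_AFTER = [ALLOW_DOC, DENY_DOUBLE]    # constructed: allow line added


def parse_rules(lines):
    """Turn rule lines into (action, compiled regex) pairs, skipping comments."""
    rules = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, pattern = line.split(None, 2)[:2]
        # Assumption: patterns are matched case-insensitively.
        rules.append((action, re.compile(pattern, re.IGNORECASE)))
    return rules


def verdict(name, rules):
    """First matching rule decides; assumption: no match means allow."""
    for action, rx in rules:
        if rx.search(name):
            return action
    return "allow"


def scan(attachment, members, top_rules, archive_rules):
    """Check the attachment name, then each archive member name."""
    top, inner = parse_rules(top_rules), parse_rules(archive_rules)
    results = {attachment: verdict(attachment, top)}
    for member in members:
        results[member] = verdict(member, inner)
    return results


if __name__ == "__main__":
    outer = "3201612001Koidulavõrguremont.akt.bdoc"
    member = "3201612001Koidulavõrguremont.akt.doc"
    print(scan(outer, [member], TOP_RULES, ARCHIVE_BEFORE))
    print(scan(outer, [member], TOP_RULES, ARCHIVE_AFTER))
```

The outer .bdoc name matches neither rule and passes, while the inner .akt.doc name is denied until the allow line is also in the archive rule list.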