Skip to main content
Lucascat
Lucascat
New Member
February 8, 2016
Question

double extension

  • February 8, 2016
  • 1 reply
  • 4549 views

Hi all,

I'm trying to block mail attachment with double extension, like "SomeFile.doc.exe"

I wrote a regexp "\.\w{3}\.\w{3}$" but it's not working.

Any idea?

 

Thanks

    1 reply

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    February 8, 2016

    I'd broaden the regex to include shorter extensions as well, as in "\.\w{1,3}\.\w{1,3}$". Or more than 3 substrings separated by dots. The full pattern would allow an arbitrary string just in front: ".+?\.\w{1,3}\.\w{1,3}$". The '?' is necessary to not let the first part consume all of the filename ('greedy').

     

    And that's where the tricky part begins: which scope of regex does FortiOS support? 'greedy'/'non-greedy', lookahead, named matches,...? I can't test that right now but wouldn't be too surprised if there are limitations.

    Lucascat
    LucascatAuthor
    New Member
    February 8, 2016

    Hi,

    It seems that does not work regardless regexp.

    I've tried also with the exact filename "test.doc.zip" but the attachment is not blocked by Fortigate??!?!

    netmin
    netmin
    New Member
    March 13, 2016

    fwiw, regular expressions operate on the file content only. Unfortunately, a regexp does not seem to be accepted in the name pattern field either.

    You may try this as name pattern: *.???.???

     

     

    Terms & ConditionsAccessibility statement