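#
# NOTE: Fields are separated by TAB characters --- Important!
#
# Syntax is allow/deny, then regular expression, then log text, then user
# report text.  Allow rules use "-" for both text fields.
#
# Rules are listed here in the order they are meant to be applied: the
# allow rules come first, then the deny rules.  If the checker that reads
# this file stops at the first matching rule (assumed -- confirm against
# the filename-checking code), a name that hits an allow rule above is
# never compared with the deny rules below.
#

# Allow repeated file extension, e.g. blah.zip.zip
# Caveat: this matches ANY repeated 3-character extension, including ones
# that are denied further down (e.g. name.pif.pif or name.hta.hta), because
# it is evaluated before them.  Narrow the character class to the
# known-harmless extensions listed below if that is not intended.
allow	(\.[a-z0-9]{3})\1$	-	-

# These are known to be mostly harmless.
allow	\.jpg$	-	-
allow	\.gif$	-	-
# .url is arguably dangerous, but I can't just ban it...
allow	\.url$	-	-
allow	\.vcf$	-	-
allow	\.txt$	-	-
allow	\.zip$	-	-
allow	\.tgz$	-	-
allow	\.bz2$	-	-
allow	\.rpm$	-	-

# PGP and GPG
allow	\.gpg$	-	-
allow	\.pgp$	-	-
allow	\.sig$	-	-
allow	\.asc$	-	-

# Macintosh archives
allow	\.hqx$	-	-
# The inner dot is escaped so that only ".sit.bin" matches, not ".sitXbin".
allow	\.sit\.bin$	-	-

# Deny all other double file extensions.  This catches any hidden filenames.
# Note: only a final extension of exactly 3 characters is caught here
# (e.g. name.txt.pif); a longer final extension such as name.txt.html is
# not matched by this rule.
deny	\.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$	Found possible filename hiding	Attempt to hide real filename extension

# These 2 are well known viruses.
deny	pretty\s+park\.exe$	"Pretty Park" virus	"Pretty Park" virus
# The dot before "exe" is escaped so that it matches a literal dot only.
deny	happy99\.exe$	"Happy" virus	"Happy" virus

# These are known to be dangerous in almost all cases.
# Plain executable extensions (e.g. .exe, .com, .bat) are not listed in
# this file; confirm they are covered by another rule set before relying
# on these rules alone.
deny	\.reg$	Possible Windows registry attack	Windows registry entries are very dangerous in email
# See http://office.microsoft.com/2000/articles/Out2ksecFAQ.htm for more info.
deny	\.cnf$	Possible SpeedDial attack	SpeedDials are very dangerous in email
deny	\.hta$	Possible Microsoft HTML archive attack	HTML archives are very dangerous in email
deny	\.ins$	Possible Microsoft Internet Comm. Settings attack	Windows Internet Settings are dangerous in email
deny	\.jse?$	Possible Microsoft JScript attack	JScript Scripts are dangerous in email
deny	\.lnk$	Possible Eudora *.lnk security hole attack	Eudora *.lnk security hole attack
deny	\.ma[dfgmqrstvw]$	Possible Microsoft Access Shortcut attack	Microsoft Access Shortcuts are dangerous in email
deny	\.pif$	Possible MS-Dos program shortcut attack	Shortcuts to MS-Dos programs are very dangerous in email
deny	\.scf$	Possible Windows Explorer Command attack	Windows Explorer Commands are dangerous in email
deny	\.sct$	Possible Microsoft Windows Script Component attack	Windows Script Components are dangerous in email
deny	\.shb$	Possible document shortcut attack	Shortcuts Into Documents are very dangerous in email
deny	\.shs$	Possible Shell Scrap Object attack	Shell Scrap Objects are very dangerous in email
deny	\.vb[es]$	Possible Microsoft Visual Basic script attack	Visual Basic Scripts are dangerous in email
deny	\.ws[cfh]$	Possible Microsoft Windows Script Host attack	Windows Script Host files are dangerous in email
deny	\.xnk$	Possible Microsoft Exchange Shortcut attack	Microsoft Exchange Shortcuts are dangerous in email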