Who is this article for?

Users uploading files and creating reports.

Ideagen Internal Audit and Risk Management does not allow multiple dots in filenames.

This article discusses the background of the issue and why the system doesn't support this naming convention.

1. File names

File names are normally made of three parts:

• meaningful part of the name
• a dot
• extension that tells the computer which application is associated with the file

For example, an audit report that opens in Word might be called Audit Report.docx.

The computer recognises .docx as a Word file, so clicking it opens Word.

Hackers exploit peoples' trust in this mechanism by camouflaging harmful programs, making them appear to be harmless files. 

For example, if file name extensions are hidden, a file shown as Audit Report.docx might actually be a harmful program named Audit Report.docx.exe. Opening it could run the malicious software instead of the expected report.

2. System behaviour

2.1 Attachments

In versions up to v1.16, users could upload and download files with multiple dots in their names. However, only the part before the first dot was displayed, so Attachment.1.2.3.docx appeared as Attachment.

From v1.17, to reduce risks linked to multiple extensions, uploading files with more than one dot in the name is no longer allowed.

2.2. Report names

The application does not permit dots in report titles, as this would create filenames with multiple dots when downloaded.

Earlier versions did not clearly indicate this restriction; using a dot in a title resulted in the error: '[report title]' could not be generated.

Later versions will provide a clearer error message.