The register has an article about triple exentions. http://www.theregister.co.uk/content/56/29137.html What it states is that by creating a attatchment like: vacation.jpg.exe.jpg, a trojan can be put in. The user sees the first extension, the third is used for the icon, and the middle is for launching. Does the sanitizer catch it?