Quarantined filename with brackets

Julian Field mailscanner at ecs.soton.ac.uk
Tue Feb 18 18:36:11 GMT 2003

At 18:22 18/02/2003, you wrote:
>     Report:  (.mp3)
>According to dfh1IHuCoq007228, the actual filename of the attachment is
>Is there a bug in MailScanner that doesn't report the correct name of an
>attachment, if the filename contains brackets?

The new version should do a much better job of giving you a filename closer
to the original.

However, it won't put in the complete original name as that contains the
characters "[]" which might be abused in an attempt to remotely hack
MailScanner. The filename that appears in the reports is a "sanitised"
version of the original filename, so that no exploits are possible using
malicious filenames in attachments.
Julian Field
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list