Quarantined filename with brackets
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Feb 18 18:36:11 GMT 2003
At 18:22 18/02/2003, you wrote:
> Report: (.mp3)
>
>According to dfh1IHuCoq007228, the actual filename of the attachment is
>"TowYardComplaint[1].mp3"
>
>Is there a bug in MailScanner that doesn't report the correct name of an
>attachment, if the filename contains brackets?
The new version should do a much better job of giving you a filename closer
to the original.
However, it won't put in the complete original name as that contains the
characters "[]" which might be abused in an attempt to remotely hack
MailScanner. The filename that appears in the reports is a "sanitised"
version of the original filename, so that no exploits are possible using
malicious filenames in attachments.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list