Security Alert: ban very long filenames

Julian Field mailscanner at
Thu Jan 30 15:01:58 GMT 2003

There is a bug in some versions of some Microsoft e-mail packages that is
being actively exploited. MessageLabs claim to have stopped over 3,000
copies of it last weekend.

It relies on very long filenames, making it very easy to block.

I strongly advise you add a new rule to the top of your filename.rules.conf
The line should look like

deny    .{150,}         Possible OE attack              Possible attack
against Microsoft e-mail packages

Remember to separate the 4 "fields" on this line with tab characters and
not just spaces.

You can read more about the attack at

This rule will be included in the next release of MailScanner, due out at
the end of this week (1st Feb).
Julian Field
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list