Security Alert: ban very long filenames

Julian Field mailscanner at ecs.soton.ac.uk
Thu Jan 30 15:01:58 GMT 2003


There is a bug in some versions of some Microsoft e-mail packages that is
being actively exploited. MessageLabs claim to have stopped over 3,000
copies of it last weekend.

It relies on very long filenames, making it very easy to block.

I strongly advise you add a new rule to the top of your filename.rules.conf
file. The line should look like

deny	.{150,}	Possible OE attack	Possible attack against Microsoft e-mail packages

Remember to separate the 4 "fields" on this line with tab characters and
not just spaces.

You can read more about the attack at
http://www.messagelabs.com/viruseye/report.asp?id=130

This rule will be included in the next release of MailScanner, due out at
the end of this week (1st Feb).
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
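
An added example, not part of the original message and not MailScanner's own code: a small Python check that lints filename.rules.conf lines for the tab-separation requirement described above and shows where the .{150,} rule starts to match. The sample rules text, the allow rule, and the matching semantics (first match wins, unanchored, case-insensitive) are assumptions made for illustration.

```python
import re

# Constructed sample of a filename.rules.conf: the advisory's rule on top,
# an assumed catch-all allow rule below it, and the same deny rule mistyped
# with spaces instead of tabs (the mistake the message warns about).
SAMPLE_RULES = (
    "deny\t.{150,}\tPossible OE attack\t"
    "Possible attack against Microsoft e-mail packages\n"
    "allow\t.*\t-\t-\n"
    "deny    .{150,}    Possible OE attack    Possible attack\n"
)


def parse_rules(text):
    """Return (rules, errors). A rule is (action, compiled_regex, log, report)."""
    rules, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Assumption: blank lines and '#' comment lines are ignored.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # Assumption: one or more tabs separate fields; spaces never do.
        fields = re.split(r"\t+", line.strip())
        if len(fields) != 4:
            errors.append(
                (lineno, f"expected 4 tab-separated fields, got {len(fields)}")
            )
            continue
        action, pattern, log_text, report_text = fields
        rules.append((action, re.compile(pattern, re.I), log_text, report_text))
    return rules, errors


def check_filename(rules, filename):
    """Apply rules top to bottom (assumed: first match wins, unanchored)."""
    for action, regex, log_text, _report in rules:
        if regex.search(filename):
            return action, log_text
    return "allow", "no rule matched"


if __name__ == "__main__":
    rules, errors = parse_rules(SAMPLE_RULES)
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
    for name in ("a" * 145 + ".txt", "a" * 146 + ".txt"):  # 149 and 150 chars
        print(len(name), check_filename(rules, name))
```

A line typed with spaces is reported as a single field, which is how a mis-separated rule would show up before it silently fails to protect anything.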


