Security Alert: ban very long filenames

Rose, Bobby brose at MED.WAYNE.EDU
Thu Jan 30 15:35:49 GMT 2003


Is this the correct article?  It sounds more like multiple extensions
and not long filenames.

-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK] 
Sent: Thursday, January 30, 2003 10:02 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Security Alert: ban very long filenames


There is a bug in some versions of some Microsoft e-mail packages that
is being actively exploited. MessageLabs claim to have stopped over
3,000 copies of it last weekend.

It relies on very long filenames, making it very easy to block.

I strongly advise you add a new rule to the top of your
filename.rules.conf file. The line should look like

deny    .{150,}         Possible OE attack              Possible attack
against Microsoft e-mail packages

Remember to separate the 4 "fields" on this line with tab characters and
not just spaces.

You can read more about the attack at
http://www.messagelabs.com/viruseye/report.asp?id=130

This rule will be included in the next release of MailScanner, due out
at the end of this week (1st Feb).
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support




More information about the MailScanner mailing list