Bug in filename rules handling?
mailscanner at BARENDSE.TO
Tue Mar 11 08:01:36 GMT 2003
This morning we have received a message with filename extension hiding.
The attachment is named ACN.DOC.xls.doc
Mar 10 17:38:12 linux MailScanner: New Batch: Scanning 1 messages, 38249 bytes
Mar 10 17:38:12 linux MailScanner: Virus and Content Scanning: Starting
Mar 10 17:38:12 linux MailScanner: Filename Checks: Found possible filename hiding (ACN.DOC.xls.doc)
Mar 10 17:38:12 linux MailScanner: Other Checks: Found 1 problems
Mar 10 17:38:12 linux MailScanner: Saved entire message to /var/spool/MailScanner/quarantine/20030310/h2AGcBSh018875
Mar 10 17:38:12 linux MailScanner: Cleaned: Delivered 1 cleaned messages
Although a notification was sent to postmaster that a virus had been
caught, and the message subject was correctly modified and there was a
notification inside the message to look inside VirusWarning.txt things
The attachment was let through 'as-is' without renaming or without
removing it. Furthermore there was no VirusWarning.txt attached to the
mail message although the body of the message referred to it. I have set
however that warnings should *not* be sent as an attachment so maybe this
is another bug?
Things worked fine with the 4.12 release, this was found on release
The message went through our Exchange server and because of a forward rule
the message was sent outside again. Again MailScanner reported the problem
but did not remove the attachment!
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner