A long gap in a name is often used to hide part of it {Scanne d by HJMS}
Martin Sapsed
m.sapsed at BANGOR.AC.UK
Fri Sep 12 17:57:51 IST 2003
Furnish, Trever G wrote:
> See filename.rules.conf. Mine has a line like so:
>
> deny .{150,} Very long filename, possible OE attack
> Very long filenames are good signs of attacks against Microsoft e-mail
> packages
>
> May be different in whatever version you have installed, but if not, then
> the limit is 149 characters total - 150 characters will match that rule.
I have seen some messages that got rejected by this rule here recently
which would have been ok except that the file names were:
TdUkDisplayPro.ICC
Promotion_Prop.pif
New Text Docum.scr
science_ob=MIm.url
CARS_popup.asp.dat
Contaminated w.doc
Press Release .doc
Press Release -1.doc
Press Release -2.doc
Press Release -3.doc
Mostly 18 characters. Anyone else seeing this? It's happening on 3
different hubs, and all have the standard 150 line in filename rules.
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth
More information about the MailScanner
mailing list