A long gap in a name is often used to hide part of it {Scanne d by HJMS} {Scanned by HJMS}

Furnish, Trever G TGFurnish at HERFF-JONES.COM
Fri Sep 12 21:46:26 IST 2003


My bad - I think I took us in the wrong direction.  His subject was "long
gap", not "long filename".  The rule in question is probably this one:

# Deny filenames with lots of contiguous white space in them.
deny    \s{10,}         Filename contains lots of white space
A long gap in a name is often used to hide part of it

...which matches filenames containing 10 or more contiguous spaces.  The
filenames below do look truncated too though, and it's difficult to reliably
see where whitespace is without the actual uninterpreted source of the
original messages.

> -----Original Message-----
> From: Antony Stone [mailto:Antony at SOFT-SOLUTIONS.CO.UK]
> Sent: Friday, September 12, 2003 12:03 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: A long gap in a name is often used to hide part of it
> {Scanne d by HJMS} {Scanned by HJMS}
>
>
> On Friday 12 September 2003 5:57 pm, Martin Sapsed wrote:
>
> > > deny    .{150,}                 Very long filename,
> possible OE attack
>
> > I have seen some messages that got rejected by this rule
> here recently
> > which would have been ok except that the file names were:
> >
> > TdUkDisplayPro.ICC
> > Promotion_Prop.pif
> > New Text Docum.scr
> > science_ob=MIm.url
> > CARS_popup.asp.dat
> > Contaminated w.doc
> > Press Release .doc
> > Press Release -1.doc
> > Press Release -2.doc
> > Press Release -3.doc
> >
> > Mostly 18 characters. Anyone else seeing this? It's happening on 3
> > different hubs, and all have the standard 150 line in
> filename rules.
>
> These names look truncated to me.   Are you certain that these are the
> attachment names as they were in the original emails which
> got scanned?
>
> Also, are you sure there's no white space before / after / during the
> filenames, as .{150,} will match 150 of any character,
> including spaces,
> tabs, etc...
>
> Antony.
>
> --
>
> What is this talk of software 'release' ?
> Our software evolves and matures until it becomes capable of escape,
> leaving a bloody trail of designers and quality assurance
> people in its wake.
>



More information about the MailScanner mailing list