Long file names -- truncated?
Julian Field
mailscanner at ecs.soton.ac.uk
Sat Sep 13 02:19:36 IST 2003
At 00:52 13/09/2003, you wrote:
>On Sat, 2003-09-13 at 00:32, Leonard Hermens wrote:
>
> >I have a similar case of this. I don't have access to the actually
> >message
> >to verify the original file name.
>
> > Report: Very long filenames are good signs of attacks against
> >Microsoft e-mail packages (WE HOPE YOU WI.doc)
>
>[Sigh] this wouldn't be a problem if only users would learn to put the
>content _inside_ the attachment. These are probably the same people who
>insist on sending blank emails with three line subjects. Although prize
>for the worst use of subject is those who leave it blank. [sighs again]
The filename that is put in user reports is the sanitised safe version of
the filename. Never put incoming data in output files unless you are 100%
sure it is safe to do so.
Say I put the original (longer, quite possibly) filename in the MailScanner
report. Imagine what would happen if someone encoded an entire MIME
attachment in the filename of another (harmless, but blocked) attachment.
It is quite possible that if someone managed to figure out a way of doing
this, they could persuade it to put a dangerous attachment in the
MailScanner report. I don't know if that is possible, but it *could* be.
And if it *is*, then someone will work out how, and will do it. I always
try to write code with a view as to how it could be attacked and broken.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list