Long file names -- truncated?

Julian Field mailscanner at ecs.soton.ac.uk
Sat Sep 13 03:25:01 IST 2003


At 02:25 13/09/2003, you wrote:
>Hi!
>
> > report. Imagine what would happen if someone encoded an entire MIME
> > attachment in the filename of another (harmless, but blocked) attachment.
> > It is quite possible that if someone managed to figure out a way of doing
> > this, they could persuade it to put a dangerous attachment in the
> > MailScanner report. I don't know if that is possible, but it *could* be.
> > And if it *is*, then someone will work out how, and will do it. I always
> > try to write code with a view as to how it could be attacked and broken.
>
>But is it safe to put that in your system logs ? There its showing the
>full one if i am correct ?

The syslog never goes to a user, so it is nowhere near as important. Also,
to a fair extent that is your syslogd's problem and not mine. I have to
draw the line somewhere. The real original filename might be useful to a
site admin, I know I would be annoyed if there was *no* way of getting at
the original real name.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list