A long gap in a name is often used to hide part of it {Scanned by HJMS}

Julian Field mailscanner at ecs.soton.ac.uk
Sat Sep 13 14:35:50 IST 2003


At 17:57 12/09/2003, you wrote:
>Furnish, Trever G wrote:
>>See filename.rules.conf.  Mine has a line like so:
>>
>>deny    .{150,}                 Very long filename, possible OE attack
>>Very long filenames are good signs of attacks against Microsoft e-mail
>>packages
>>
>>May be different in whatever version you have installed, but if not, then
>>the limit is 149 characters total - 150 characters will match that rule.
>
>I have seen some messages that got rejected by this rule here recently
>which would have been ok except that the file names were:
>
>TdUkDisplayPro.ICC
>Promotion_Prop.pif
>New Text Docum.scr
>science_ob=MIm.url
>CARS_popup.asp.dat
>Contaminated w.doc
>Press Release .doc
>Press Release -1.doc
>Press Release -2.doc
>Press Release -3.doc
>
>Mostly 18 characters. Anyone else seeing this? It's happening on 3
>different hubs, and all have the standard 150 line in filename rules.

This is because you are seeing the truncated "sanitised" version of the
filename, not the original name. If you check in the MIME headers of the
original message, you will probably see the real filename as being much
longer.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
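
The check suggested in the reply above, as an added example that is not part of the original post and not MailScanner's own code: it reads each attachment's declared filename from the MIME headers and tests it against the `.{150,}` pattern quoted from filename.rules.conf. The sample message, the 18-character display width and the function names are constructed for illustration; the shortening is a plain prefix cut standing in for whatever sanitising the scanner really does.

```python
import re
from email import message_from_string

# Pattern quoted in the thread from filename.rules.conf.
LONG_NAME = re.compile(r".{150,}")
# Assumption: width used only to imitate the shortened names seen in reports.
DISPLAY_WIDTH = 18

def attachment_names(raw_message):
    """Return the filename declared in the headers of every MIME part."""
    msg = message_from_string(raw_message)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def longest_gap(name):
    """Length of the longest run of whitespace inside the name."""
    return max((len(run) for run in re.findall(r"\s+", name)), default=0)

def audit(raw_message):
    """Per attachment: (shortened name, real length, rule hit, longest gap)."""
    return [
        (name[:DISPLAY_WIDTH], len(name),
         bool(LONG_NAME.search(name)), longest_gap(name))
        for name in attachment_names(raw_message)
    ]

# Constructed sample: a 162-character name whose real extension sits after a gap.
REAL_NAME = "Press Release " + " " * 140 + ".doc.pif"
SAMPLE = (
    "From: a@example.org\nTo: b@example.org\nSubject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="BOUND"\n\n'
    "--BOUND\nContent-Type: text/plain\n\nhello\n"
    "--BOUND\nContent-Type: application/octet-stream\n"
    f'Content-Disposition: attachment; filename="{REAL_NAME}"\n\nAAAA\n'
    "--BOUND\nContent-Type: application/msword\n"
    'Content-Disposition: attachment; filename="notes.doc"\n\nAAAA\n'
    "--BOUND--\n"
)

if __name__ == "__main__":
    for shown, length, hit, gap in audit(SAMPLE):
        print(f"{shown!r:24} real length={length:4} rule hit={hit} gap={gap}")
```
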