Long file names -- truncated?

Martin Sapsed m.sapsed at BANGOR.AC.UK
Tue Sep 16 18:25:35 IST 2003


Julian Field wrote:
> At 00:52 13/09/2003, you wrote:
>
>> On Sat, 2003-09-13 at 00:32, Leonard Hermens wrote:
>>
>> >I have a similar case of this. I don't have access to the actual
>> >message to verify the original file name.
>>
>> >     Report: Very long filenames are good signs of attacks against
>> >Microsoft e-mail packages (WE HOPE YOU WI.doc)
>>
>> [Sigh] this wouldn't be a problem if only users would learn to put the
>> content _inside_ the attachment.  These are probably the same people who
>> insist on sending blank emails with three line subjects.  Although prize
>> for the worst use of subject is those who leave it blank. [sighs again]
>
>
> The filename that is put in user reports is the sanitised safe version of
> the filename. Never put incoming data in output files unless you are 100%
> sure it is safe to do so.
>
> Say I put the original (longer, quite possibly) filename in the MailScanner
> report. Imagine what would happen if someone encoded an entire MIME
> attachment in the filename of another (harmless, but blocked) attachment.
> It is quite possible that if someone managed to figure out a way of doing
> this, they could persuade it to put a dangerous attachment in the
> MailScanner report. I don't know if that is possible, but it *could* be.
> And if it *is*, then someone will work out how, and will do it. I always
> try to write code with a view as to how it could be attacked and broken.

OK folks - just checked the maillog on one of the hubs and the
attachment name for some of the ones I quoted are ludicrous iso-8859-1
rambling strings. Will look a bit harder next time before joining in
with a thread which had gone astray anyhow!

Doh!

Cheers,

Martin

--
Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth
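
The rule in Julian Field's quoted reply (only a sanitised name goes into the report), sketched as an added example; it is not part of the original thread and is not MailScanner's own code. The function names, the allow-list, the report wording and the 18-character limit are assumptions, the limit chosen to match the length of the name shown in the quoted report.

```python
import re
import unicodedata

# Assumption: 18 matches the length of "WE HOPE YOU WI.doc" in the quoted
# report; it is not taken from MailScanner's source.
MAX_LEN = 18
# Allow-list: anything else (CR, LF, NUL, ':', ';', '=', non-ASCII) becomes "_".
UNSAFE = re.compile(r"[^A-Za-z0-9 ._-]")


def sanitise_for_report(raw_name: str, max_len: int = MAX_LEN) -> str:
    """Return a short, inert form of an attachment name for a text report."""
    # Fold compatibility forms first so full-width "/" or "." are seen as ASCII.
    name = unicodedata.normalize("NFKC", raw_name)
    # Keep only the last path component.
    name = re.split(r"[\\/]", name)[-1]
    name = UNSAFE.sub("_", name)
    name = re.sub(r"_+", "_", name).strip(" ._")
    if not name:
        return "unnamed"
    # Truncate the stem but keep a short final extension, since the extension
    # is what the recipient of the report needs to see.
    stem, dot, ext = name.rpartition(".")
    if dot and stem and len(ext) <= 4:
        keep = max(1, max_len - len(ext) - 1)
        return f"{stem[:keep].rstrip(' _')}.{ext}"
    return name[:max_len]


def report_line(raw_name: str) -> str:
    """Build the single report line; the raw name never reaches the output."""
    return f"Report: attachment blocked ({sanitise_for_report(raw_name)})"


# Constructed sample inputs (not from the thread's mail logs).
SAMPLES = [
    "WE HOPE YOU WILL ENJOY THIS.doc",
    "report.pdf\r\nContent-Disposition: attachment; filename=evil.exe",
    "\xe9\xe8\xfc\xdf" * 12,
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s[:30]), "->", report_line(s))
```

The second sample shows why the raw name is kept out of the report: its embedded line break and header text collapse into one short token, so the report stays a single line.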


