possible Bug in 4.28.6 (long filenames)

Julian Field mailscanner at ecs.soton.ac.uk
Wed Apr 7 17:08:38 IST 2004


At 13:08 07/04/2004, you wrote:
>am 07.04.2004 schrieb Spicer, Kevin zum Thema
>  ## Re: possible Bug in 4.28.6 (long filenames) ##
>
> > Stephan Ilaender wrote:
> > > Hi all,
> > >
> > > I've had a mail blocked with the following remark:
> > >
> > > Achtung: Very long filenames are good signs of attacks against
> > > Microsoft e-mail packages (VK Preisliste .doc)
> > >
> > > now "VK Preisliste .doc" ist not really that long and should not be
> > > matched by this expression:
> > The filename in the report is a sanitised version, the original
> filename was
> > probably much longer.
> >
>
>
>Is that so and does the same apply to the quarantined file?

Yes. But if you are creating a URL in the user report for them to retrieve
the file, the filename in the report matches the filename in the quarantine
so everything still works.

>As this was not a virus, it is unlikely that the Filename was actually
>longer than the name displayed above.

It might not have been a virus, but it broke one of the filename sanity
checks and should therefore be handled very carefully.

>However, if this was a matter of sanitising the remark should probably state
>this to avoid Customer irritation (this has only x chars and YOU admins claim
>it's a long filename ... you know what I mean ;))

Feel free to modify the report text sent to the user that is defined in
filename.rules.conf.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



More information about the MailScanner mailing list