problems with "very long filename" rule?
Dan Hollis
spamtrap71892316634 at ANIME.NET
Wed Dec 22 23:17:01 GMT 2004
Peter Bonivart wrote:
> Dan Hollis wrote:
> > Why is this rule tripping?
> > filename.rules.conf:deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages
> >
> > Our users are getting reports like this:
> > Report: Very long filenames are good signs of attacks against Microsoft e-mail packages (Inbox%3Fnumber=5.jpg)
> >
> > Surely it shouldnt be tripping on that file? It's not a long filename.
> That's the sanitized version of the name. Look in the quarantine for the
> real name.
They don't get quarantined, they get rejected outright and bounced.
I can't see any way to enable quarantine for 'deny' Filename Rules ?
What exact MailScanner.conf entry enables quarantine for rule-denied files?
-Dan
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list