problems with "very long filename" rule?

Dan Hollis spamtrap71892316634 at ANIME.NET
Wed Dec 22 23:17:01 GMT 2004


Peter Bonivart wrote:
> Dan Hollis wrote:
> > Why is this rule tripping?
> > filename.rules.conf:deny        .{150,}                 Very long filename, possible OE attack                  Very long filenames are good signs of attacks against Microsoft e-mail packages
> >
> > Our users are getting reports like this:
> > Report: Very long filenames are good signs of attacks against Microsoft e-mail packages (Inbox%3Fnumber=5.jpg)
> >
> > Surely it shouldn't be tripping on that file? It's not a long filename.
> That's the sanitized version of the name. Look in the quarantine for the
> real name.

They don't get quarantined, they get rejected outright and bounced.

I can't see any way to enable quarantine for 'deny' Filename Rules?
What exact MailScanner.conf entry enables quarantine for rule-denied files?

-Dan
