problems with "very long filename" rule?
Dan Hollis
spamtrap71892316634 at ANIME.NET
Thu Dec 23 01:55:12 GMT 2004
On Thu, 23 Dec 2004, Peter Bonivart wrote:
> > mailscanner should report the original filename when reporting a
> > violation.
> It can be risky to use the original filename if it's intended to do
> damage.
Only risky if it's used as filename attachment, surely putting something
like
C:\\something\really\long\filename\blablabla\yadda\file.jpg
in the body of a message can't do damage? It's not a link and it's not an
attachment.
Or, you're saying I just did potentially do some damage from the above line? :-)
> Julian always sanitize logs and other stuff generated by MS. I
> quarantine the message as queue files so I look into the Sendmail
> df-file to see all attachments. If you really want to know I recommend
> you do the same but why do you need to know the original name? It tells
> you the reason for blocking the message, do you have to check if the
> rule is working? That will get old real fast. :-)
There are a number of problems here:
1) The problem here is that while it _was_ quarantined, the body of the
message did not say that at all. So I had to dig through filesystem. We
are medium sized isp with many users and heavy mail load and 'find' took
quite some time.
2) In any case it's nice to have the original ("non-safed") filename
in order to point out to the user exactly what was wrong. I had to dig
through gigabytes of server logs to find the original filename. (Not to
mention the quarantine id, which was not included in the report!)
3) And shouldnt this be a choice of the mail administrator anyways, not a
unilateral decision of mailscanner to always mangle the filename without
consent of the server admin?
-Dan
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list