Truncated long subject lines

[Julian Field]

<x-flowed>
This is intentional behaviour, I'm afraid.
If you get an attachment that happens not to have a filename, Outlook (and
OE) give it a filename which is a copy of the subject line. So all the
exploits that you can perform in attachment filenames can also be triggered
by putting the nasty filename in the subject line of the message instead.

So I have to do a load of mangling on the subject line (particularly very
long subject lines) to avoid exploits against the attachments.

Blame Microsoft for that one :(

At 01:16 16/09/2004, you wrote:
>Hi,
>
>We've gotten customer complaints because MailScanner appears to be
>truncating very long subject lines under certain circumstances.
>
>When a message has a subject line that a) is continued on a second line
>(i.e., contains a LF or CR) and b) has a space at the end of the _first_
>line of the subject, the subject line is truncated at the end of the first
>line as it passes through MailScanner.  For multi-line subjects with _no_
>space at the end of the first line, the subject line is not truncated.
>
>We've tested this on a couple different versions of MailScanner, including
>4.33.3-1, and it happens every time.  On servers that aren't running
>MailScanner, the subject lines aren't truncated.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>