confusing message {Virus Scanned}

Steen, Glenn Glenn.Steen at AP1.SE
Wed Jun 8 16:28:53 IST 2005


Scott Silva wrote:
> Christo Bezuidenhout wrote:
>> Is that one file or two different files? In WindoZE you can create a
>> file with a ',' in the filename. That could be why it has been
>> blocked. Because of the length of the single file.
>> 
>> Christo
>> 
>> 
>> 
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
>> On Behalf Of Craig White
>> Sent: 08 June 2005 03:22 AM
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: confusing message {Virus Scanned}
>> 
>> # rpm -qa mailscanner
>> mailscanner-4.40.5-1
>> 
>> One of my users reports this error...
>> 
>> Our e-mail content detector has just been triggered by a message you
>> sent:
>>   To: obscured_email_address
>>   Subject: Homeowners Financial
>>   Date: Tue Jun  7 12:00:04 2005
>> 
>> One or more of the attachments (Payroll Adjust.doc, Payroll
>> Adjust-1.doc) are on the list of unacceptable attachments for this
>> site and will not have been delivered. 
>> 
>> Consider renaming the files to avoid this constraint.
>> 
>> The virus detector said this about the message:
>> Report: Report: MailScanner: Very long filenames are good signs of
>> attacks against Microsoft e-mail packages (Payroll Adjust.doc)
>> Report: MailScanner: Very long filenames are good signs of attacks
>> against Microsoft e-mail packages (Payroll Adjust-1.doc)
>> ---
>> 
>> Is this a .doc filetype problem? It complains about filename lengths
>> but these seem sufficiently short to me.
>> 
>> Not knowing what else to do, I have added to filename.rules.conf
>> 
>> allow   \.doc$                  -       -
>> 
> 
> It is hitting the rule "deny	.{150,}" But that is looking for a lot of
> characters after the first dot.
> Although the error message shows a short file name, some of the
> messages get "sanitized" filenames. You need to look at the original
> message to see what's up.
> 
> 
I might be totally off base, but isn't this likely to be your regular
spam/scam/trojan/whatever? Just from looking at the subject and
purported content...

-- Glenn
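
The check Scott suggests (look at the original message rather than the shortened name in the report), as an added example that is not part of the thread and is not MailScanner code: it reads the attachment filenames from a raw message and tests them against the two rules quoted above. It assumes rules are tried in order with the first match deciding and unmatched names allowed; the sample message, addresses and function names are constructed.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# The two rules quoted in the thread (action, pattern).
ALLOW_DOC = ("allow", re.compile(r"\.doc$"))
DENY_LONG = ("deny", re.compile(r".{150,}"))

# Constructed sample: one short name, one 160-character name.
LONG_NAME = "report" + "_" * 150 + ".doc"
SAMPLE = "\n".join([
    "From: sender@example.com",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b"',
    "",
    "--b",
    "Content-Type: application/msword",
    'Content-Disposition: attachment; filename="notes.doc"',
    "",
    "data",
    "--b",
    "Content-Type: application/msword",
    f'Content-Disposition: attachment; filename="{LONG_NAME}"',
    "",
    "data",
    "--b--",
    "",
])

def attachment_names(raw):
    """Filenames as the sender supplied them, before any report shortens them."""
    names = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name:
            names.append(str(make_header(decode_header(name))))
    return names

def verdict(name, rules):
    """Assumption: rules are tried in order and the first match decides."""
    for action, pattern in rules:
        if pattern.search(name):
            return action
    return "allow"  # assumption: nothing matched, so the file passes

if __name__ == "__main__":
    for n in attachment_names(SAMPLE):
        print(len(n), verdict(n, [DENY_LONG]), verdict(n, [ALLOW_DOC, DENY_LONG]))
```

Under the first-match assumption, an `allow \.doc$` line placed ahead of the length rule lets the 160-character name through, so where the new line sits in filename.rules.conf matters.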
