False "hide real filename" issue
Denis Beauchemin
Denis.Beauchemin at USHERBROOKE.CA
Thu Sep 8 16:12:53 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Craig Daters wrote:
> On Sep 8, 2005, at 7:46 AM, Craig Daters wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> You guys are all right. I created a file with the same name and sent
> that to myself, and it went through! I'll have to go to the users
> computer and look at the actual email she sent....
>
>
> Indeed, the file name was:
>
> SendTitaniumSecondReport-20050908sabrawestpress.com, jackustax.com,
> laurieustax.com.csv
>
> To which, all I could say was, "wow! I have to set up a rule to let
> this crap through!?"
>
Craig,
Just comment out the following rule:
# Deny all other double file extensions. This catches any hidden filenames.
#deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ Found possible filename
hiding Attempt to hide real filename extension
That's what I did a long time ago because I block all executable file
types (exe, pif, bat, ...).
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x2252 F: 819.821.8045
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list