False "hide real filename" issue

Julian Field MailScanner at ecs.soton.ac.uk
Thu Sep 8 18:21:27 IST 2005



Craig Daters wrote:

> On Sep 8, 2005, at 7:46 AM, Craig Daters wrote:
>
>     -----BEGIN PGP SIGNED MESSAGE-----
>     Hash: SHA1
>
>     You guys are all right. I created a file with the same name and sent
>     that to myself, and it went through! I'll have to go to the user's
>     computer and look at the actual email she sent....
>
>
> Indeed, the file name was:
>
> SendTitaniumSecondReport-20050908sabrawestpress.com, jackustax.com, 
> laurieustax.com.csv
>
> To which, all I could say was, "wow! I have to set up a rule to let 
> this crap through!?"

What had happened was you were seeing SendTitaniumSe.csv in the log. 
Before MailScanner logs any filename anywhere, or includes it in any 
report, it "sanitises" it a bit to make it safer. One of its 
sanitisation steps is to strip the body of the filename down to 14 
characters. Otherwise, if you had a bug in your syslogd where very long 
log entries were not correctly handled, MailScanner would allow long 
filenames in email messages to be used as a means of exploiting a bug in 
syslogd.

Not that such a bug exists in syslogd as far as I am aware, it's just an 
example of my paranoid programming. Which all contributes to the fact 
that www.secunia.com lists 0 security problems ever found in MailScanner 
4. Which makes me happy :-)

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
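The logging step described in the reply above, as an added Python example (MailScanner itself is written in Perl; this is not its code): the body of an attachment name is cut to 14 characters before it is written to a log line, so the long name from this thread is logged as SendTitaniumSe.csv. The path stripping, control-character replacement and extension cap are assumptions about what a log sanitiser should also do, not steps the message mentions.

```python
import re

# Length limit for the filename "body" (everything before the extension).
# 14 is the figure quoted in the reply; the extension cap is an assumption.
MAX_BODY_LEN = 14
MAX_EXT_LEN = 8


def sanitise_filename_for_log(filename: str,
                              max_body_len: int = MAX_BODY_LEN,
                              max_ext_len: int = MAX_EXT_LEN) -> str:
    """Return a version of an attachment name that is safe to log.

    1. Keep only the last path element (assumed step).
    2. Replace control characters, including CR/LF, with '_' so one
       attachment name cannot forge extra log lines or terminal escapes
       (assumed step).
    3. Cut the body to max_body_len characters and re-attach the
       extension, itself capped at max_ext_len characters (the body cut
       is the step from the reply; the extension cap is assumed).
    """
    # 1. drop any directory part, whichever separator was used
    name = re.split(r"[\\/]", filename)[-1]
    # 2. neutralise 0x00-0x1F and 0x7F
    name = re.sub(r"[\x00-\x1f\x7f]", "_", name)
    # 3. split on the last '.'; a name with no '.' or only a leading '.'
    #    (e.g. ".bashrc") is treated as having no extension
    body, sep, ext = name.rpartition(".")
    if not sep or not body:
        body, ext = name, ""
    else:
        ext = "." + ext[:max_ext_len]
    return body[:max_body_len] + ext


if __name__ == "__main__":
    # the attachment name from the thread, as a constructed sample input
    sample = ("SendTitaniumSecondReport-20050908sabrawestpress.com, "
              "jackustax.com, laurieustax.com.csv")
    print(sanitise_filename_for_log(sample))  # SendTitaniumSe.csv
```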
