Checking Suspected E-Mails

Matt Kettler mkettler at
Tue Jun 20 00:47:47 IST 2006

Rick Chadderdon wrote:

<snip, lots of stuff we basically agree on. However, your platform assumption
argument isn't 100% valid.>

> To bring this back onto topic:  Andrew's original problem wasn't the
> format of the resume, it was the fact that the filename of the resume
> contained a CLSID string.  If someone sent me a resume with the filename
> "TIBOR_BERNER{3EDC67F9-93A4-42C3-AEC1-502D90D9A895}.html", I would be
> likely to delete it unread, even if it did make it past MailScanner.

True. I'd agree 100%. There are some filenames that are just over the top.

However, consider if it was something like "Resume-kettler.matt.pdf".

You can't take the platform assumption argument, other than that I'm assuming
you're using a graphical OS. (ok, I'm assuming you're not using a dumb terminal
connected to a VAX...)

There's certainly nothing suspect, or even out of the ordinary, about that

The filetype itself is not amenable to carrying attacks. (it's not able to carry
over-powered macros that can do more-or-less anything like word documents)

However, that file name would be blocked by the default filename.rules.conf.

There's no default "allow" rule for pdf's and ".matt.pdf" would match the
default "double extension" rule.

For reference, the default double-extension rule is:

The filename would be unreasonably blocked by MailScanner. Asking a person to
try to dodge MS's default filename rules is, IMHO, unreasonable.

"Re-send it in text" makes it sound like your computing facilities were state of
the art in 1990 and haven't improved since. (Can't handle a PDF because Windows
98, Macos 9, OS/2 warp and RedHat 6.0 are all too new for you eh?)

More information about the MailScanner mailing list