Filename problem

Julian Field MailScanner at ecs.soton.ac.uk
Thu Jun 22 21:28:45 IST 2006


On Thu 22 Jun 06, at 21:08, Jethro R Binks wrote:

> On Thu, 22 Jun 2006, Scott Silva wrote:
>
>> You need to look in the logs to get more detail, as the filename in the
>> response message is "sanitized", and the real name could be much longer.
>
> Well there's the thing.  I recall Julian saying reasonably recently that
> it wasn't possible to put the "real" or "original" filename in any logs
> _without_ sanitising it -- for obvious reasons.  Which often makes it
> difficult to enter into a discussion with the user about the nature of the
> original filename, other than guesswork.
>
> Jethro.

That is indeed a problem. But the alternative is someone embedding nasty
things in a filename for an attachment knowing full well that all their text
will get inserted into an email message. If they can put a virus in the
Subject: line (which can be done) then this is child's play.
Fancy a very long filename causing a stack overflow in your syslogd to
exploit a vulnerability resulting in arbitrary code execution? Didn't think
so.

So I don't ever store any unsanitised data anywhere.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
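The sanitising step Julian describes, shown as an added example rather than MailScanner's own code: an attacker-controlled attachment name is escaped to printable ASCII and length-capped before it is placed in a log line, so an embedded newline cannot forge a second syslog record, terminal escape sequences cannot reach an admin's screen, and a multi-kilobyte name cannot reach a size-sensitive log consumer. The 80-character cap, the `MailScanner-demo:` log prefix and the three hostile filenames are constructed for illustration; the `\xNN` escaping is a design choice that keeps the rendering reversible when the name was not truncated, which goes some way towards Jethro's wish to discuss the original name with the user.

```python
# Added example: log-safe rendering of attacker-controlled attachment filenames.
# Not MailScanner code; names, the length cap and the log format are assumptions.

MAX_NAME_LEN = 80  # assumed cap so one hostile name cannot bloat a log line


def sanitize_filename(name: str, max_len: int = MAX_NAME_LEN) -> str:
    """Escape everything outside printable ASCII, then cap the length.

    Control characters (CR, LF, ESC, NUL, ...) and non-ASCII characters are
    written as \\xNN per UTF-8 byte, and a literal backslash becomes \\\\,
    so the output is unambiguous and the original name can be recovered
    from the log whenever the cap was not hit.
    """
    out = []
    for ch in name:
        if ch == "\\":
            out.append("\\\\")
        elif 0x20 <= ord(ch) < 0x7F:
            out.append(ch)  # printable ASCII passes through unchanged
        else:
            out.append("".join("\\x%02x" % b for b in ch.encode("utf-8")))
    s = "".join(out)
    if len(s) > max_len:
        dropped = len(s) - max_len
        s = s[:max_len] + "...[+%d chars truncated]" % dropped
    return s


def log_line(action: str, filename: str, sanitize: bool = True) -> str:
    """Build one syslog-style record; sanitize=False shows the unsafe path."""
    name = sanitize_filename(filename) if sanitize else filename
    return 'MailScanner-demo: %s filename="%s"' % (action, name)


def count_log_records(text: str) -> int:
    """A line-oriented log reader sees one record per line, so an injected
    newline inside a filename shows up as an extra, attacker-written record."""
    return len(text.splitlines())


# Constructed hostile filenames (not taken from the thread)
INJECTED = "invoice.pdf\nJun 22 21:28:45 host sshd[1]: Accepted password for root"
ESCAPED = "\x1b[2J\x1b[Hreport.doc"  # ANSI clear-screen ahead of the real name
HUGE = "A" * 5000 + ".exe"

if __name__ == "__main__":
    for name in (INJECTED, ESCAPED, HUGE):
        raw = log_line("Blocked", name, sanitize=False)
        safe = log_line("Blocked", name)
        print("records unsanitised=%d sanitised=%d; length %d -> %d"
              % (count_log_records(raw), count_log_records(safe), len(raw), len(safe)))
        print("  " + safe[:120])
```

The unsafe path produces two records for the injected name (the second one a forged sshd line), while the sanitised path always yields one record whose length is bounded by the cap plus a short truncation marker.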


