Filename problem

Scott Silva ssilva at
Fri Jun 23 16:17:19 IST 2006

Julian Field spake the following on 6/22/2006 1:28 PM:
> On Thu 22 Jun 06, at 21:08, Jethro R Binks wrote:
>> On Thu, 22 Jun 2006, Scott Silva wrote:
>>> You need to look in the logs to get more detail, as the filename in the
>>> response message is "sanitized", and the real name could be much longer.
>> Well there's the thing.  I recall Julian saying reasonably recently that
>> it wasn't possible to put the "real" or "original" filename in any logs
>> _without_ sanitising it -- for obvious reasons.  Which often makes it
>> difficult to enter into a discussion with the user about the nature of
>> the original filename, other than guesswork.
>> Jethro.
> That is indeed a problem. But the alternative is someone embedding nasty
> things in a filename for an attachment knowing full well that all their
> text will get inserted into an email message. If they can put a virus in
> the Subject: line (which can be done) then this is child's play.
> Fancy a very long filename causing a stack overflow in your syslogd to
> exploit a vulnerability resulting in arbitrary code execution? Didn't
> think so.
> So I don't ever store any unsanitised data anywhere.
I guess I wasn't clear enough. With the log info, you could look at the
original message if you quarantine them and you could see what the original
filename was supposed to be.


MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
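
The trade-off discussed in this thread, as an added example that is not part of the original post and is not MailScanner's own code: an attachment filename is reduced to a short, log-safe form, and a length and digest of the raw bytes are recorded so an administrator can match the log entry to the quarantined message. The function names, the 64-character cap, the allowed character set and the digest field are all assumptions made for illustration.

```python
import hashlib

MAX_LEN = 64  # constructed cap for this example, not a MailScanner setting


def sanitise_filename(raw: bytes, max_len: int = MAX_LEN) -> str:
    """Return a rendering of an attachment filename that is safe to log or report."""
    # Undecodable bytes become U+FFFD, which the filter below replaces.
    text = raw.decode("utf-8", errors="replace")
    out = []
    for ch in text:
        # Allow-list: ASCII letters, digits and "._-". Everything else
        # (CR/LF, other control characters, spaces, markup or shell
        # metacharacters, non-ASCII) becomes "_".
        if ch.isascii() and (ch.isalnum() or ch in "._-"):
            out.append(ch)
        else:
            out.append("_")
    safe = "".join(out)
    # Bound the length so an oversized name cannot reach the log daemon.
    if len(safe) > max_len:
        safe = safe[: max_len - 3] + "..."
    return safe


def log_fields(raw: bytes) -> dict:
    """Fields for one log entry: safe name plus data to find the original."""
    return {
        "name": sanitise_filename(raw),
        "raw_len": len(raw),  # reveals that the real name was longer
        # Truncated digest of the raw bytes: distinguishes names that
        # sanitise to the same string and can be recomputed from the
        # filename found in the quarantined message.
        "sha256": hashlib.sha256(raw).hexdigest()[:16],
    }


if __name__ == "__main__":
    # Constructed sample filenames, not taken from any real message.
    samples = [
        b"report.pdf",
        b"invoice.pdf\r\nJun 23 host daemon: forged entry",
        b"A" * 5000 + b".exe",
    ]
    for s in samples:
        print(log_fields(s))
```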
