Filename problem
Scott Silva
ssilva at sgvwater.com
Fri Jun 23 16:17:19 IST 2006
Julian Field spake the following on 6/22/2006 1:28 PM:
> On Thu22 Jun 06, at 21:08, Jethro R Binks wrote:
>
>> On Thu, 22 Jun 2006, Scott Silva wrote:
>>
>>> You need to look in the logs to get more detail, as the filename in the
>>> response message is "sanitized", and the real name could be much longer.
>>
>> Well there's the thing. I recall Julian saying reasonably recently that
>> it wasn't possible to put the "real" or "original" filename in any logs
>> _without_ sanitising it -- for obvious reasons. Which often makes it
>> difficult to enter into a discussion with the user about the nature of
>> the
>> original filename, other than guesswork.
>>
>> Jethro.
>
> That is indeed a problem. But the alternative is someone embedding nasty
> things in a filename for an attachment knowing full well that all their
> text will get inserted into an email message. If they can put a virus in
> the Subject: line (which can be done) then this is child's play.
> Fancy a very long filename causing a stack overflow in your syslogd to
> exploit a vulnerability resulting in arbitrary code execution? Didn't
> think so.
>
> So I don't ever store any unsanitised data anywhere.
>
I guess I wasn't clear enough. With the log info, you could look at the
original message if you quarantine them and you could see what the original
filename was supposed to be.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list