Don't understand this match
MailScanner at ecs.soton.ac.uk
Thu Mar 2 08:38:17 GMT 2006
On 1 Mar 2006, at 22:33, Richard Thomas wrote:
> Julian Field wrote:
>> It sanitises the filenames before logging them or outputting them
>> in any way.
>> One way it does this is by shortening them, except for the last
>> filename extension.
>> So you won't always see the full original filename. This is to
>> stop exploits based on the reporting of filenames (imagine if you
>> made up a filename that contained MIME boundaries, newline
>> characters and a complete MIME attachment). It never ever outputs
>> raw data based on the input data without sanitising it in some form.
>> This is a fundamental anti-attack method I use.
> OK, I understand the reasoning behind that. The problem is then I
> guess that it obscures the reason the file was blocked in the first
> place. Not that I'm complaining :) Just wondering if there might be
> some way to reconcile the two issues.
Not that I have found.
> (For now, I may just make the reject reason more explicit).
That's my preferred solution.
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654