Don't understand this match

Julian Field MailScanner at ecs.soton.ac.uk
Thu Mar 2 08:38:17 GMT 2006




On 1 Mar 2006, at 22:33, Richard Thomas wrote:

> Julian Field wrote:
>
>>
>> It sanitises the filenames before logging them or outputting them  
>> in any way.
>> One way it does this is by shortening them, except for the last  
>> filename extension.
>> So you won't always see the full original filename. This is to  
>> stop exploits based on the reporting of filenames (imagine if you  
>> made up a filename that contained MIME boundaries, newline  
>> characters and a complete MIME attachment). It never ever outputs  
>> raw data based on the input data without sanitising it in some form.
>>
>> This is a fundamental anti-attack method I use.
>>
> OK, I understand the reasoning behind that. The problem is then I  
> guess that it obscures the reason the file was blocked in the first  
> place. Not that I'm complaining :) Just wondering if there might be  
> some way to reconcile the two issues.

Not that I have found.

> (For now, I may just make the reject reason more explicit).

That's my preferred solution.
-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
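
The sanitising step described in the message above, sketched in Python as an added example. This is not MailScanner's own code; the allow-list of characters, the length limits and the function name are assumptions chosen for illustration.

```python
import re

MAX_STEM = 20  # assumed limit on the shortened name, not MailScanner's value
MAX_EXT = 10   # assumed limit on the kept extension
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")  # assumed allow-list of safe characters


def sanitise_filename(raw: str) -> str:
    """Return a single-line, bounded-length form of an attachment name
    that is safe to write to a log or embed in a report."""
    # Replace everything outside the allow-list: CR/LF, spaces, quotes,
    # colons, path separators and non-ASCII all become "_".
    clean = _UNSAFE.sub("_", raw)
    # Split off only the LAST extension, so it survives the shortening.
    stem, dot, ext = clean.rpartition(".")
    if not dot or not stem:
        # No extension at all, or a dotfile such as ".bashrc".
        stem, ext = clean, ""
    result = stem[:MAX_STEM]
    if ext:
        # The extension is attacker-controlled too, so it is bounded as well.
        result += "." + ext[:MAX_EXT]
    return result or "unnamed"


if __name__ == "__main__":
    # Constructed sample: a filename carrying newlines and a MIME boundary.
    hostile = ("invoice.pdf\r\n--BOUNDARY\r\n"
               "Content-Type: application/x-msdownload\r\n\r\nMZ.exe")
    print("Blocked attachment:", sanitise_filename(hostile))
```

The trade-off raised in the thread shows up here: the report line keeps the final extension but not the full original name, which is why a more explicit reject reason is the suggested remedy.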


