Very long filenames?

Glenn Steen glenn.steen at gmail.com
Fri Jun 29 16:30:50 IST 2007


On 29/06/07, Ken Goods <KGoods at aiainsurance.com> wrote:
> I received this notification this morning.
>
> Subject: Re:
> MessageID: l5TDre77020228
> Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228
> Report: MailScanner: Very long filenames are good signs of attacks against
> Microsoft e-mail packages (TCA2AR759CAY3E.jpg)
>
> I was just wondering how long is a *long* filename? This doesn't appear to
> be excessive as we commonly get Word documents that are much longer. I
> looked around but couldn't find the upper limit that triggers this rule.
>
> Thanks,
> Ken
You can see this in you filename.rules.conf file:
deny    .{150,}                 Very long filename, possible OE attack
                                         Very long filenames are good
signs of attacks
 against Microsoft e-mail packages
...
Which means 150 characters or more. The filename as displayed in the
report has been "sanitised", for security reasons, so might look a bit
... confusing:-).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list