Very long filenames?

Julian Field MailScanner at
Fri Jun 29 16:30:49 IST 2007

Hash: SHA1

Ken Goods wrote:
> I received this notification this morning. 
> Subject: Re: 
> MessageID: l5TDre77020228
> Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228
> Report: MailScanner: Very long filenames are good signs of attacks against
> Microsoft e-mail packages (TCA2AR759CAY3E.jpg)
> I was just wondering how long is a *long* filename? This doesn't appear to
> be excessive as we commonly get Word documents that are much longer. I
> looked around but couldn't find the upper limit that triggers this rule.
The version you see in reports is the sanitised version of the filename. 
I don't ever output the original filename without sanitising it first. 
The original filename would have been a lot longer than this.

The original filename could be used to attack either MailScanner or your 
email client. Imagine what happened if you had a long filename that 
contained MIME boundaries and headers in it? You could embed an entire 
virus in the filename of an attachment if you got it just right. That 
would be Very Bad.

> Thanks,
> Ken
> Ken Goods
> Network Administrator
> CropUSA Insurance, Inc.


- -- 
Julian Field MEng CITP
Buy the MailScanner book at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit

Version: PGP Desktop 9.6.2 (Build 2014)
Charset: ISO-8859-1


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit

More information about the MailScanner mailing list