Very long filenames?
Ken Goods
KGoods at AIAInsurance.com
Fri Jun 29 19:58:42 IST 2007
Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Ken Goods wrote:
>> I received this notification this morning.
>>
>> Subject: Re:
>> MessageID: l5TDre77020228
>> Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228
>> Report: MailScanner: Very long filenames are good signs of attacks
>> against Microsoft e-mail packages (TCA2AR759CAY3E.jpg)
>>
>> I was just wondering how long is a *long* filename? This doesn't
>> appear to be excessive as we commonly get Word documents that are
>> much longer. I looked around but couldn't find the upper limit that
>> triggers this rule.
>>
> The version you see in reports is the sanitised version of the
> filename. I don't ever output the original filename without
> sanitising it first. The original filename would have been a lot
> longer than this.
>
> The original filename could be used to attack either MailScanner or
> your email client. Imagine what happened if you had a long filename
> that contained MIME boundaries and headers in it? You could embed an
> entire virus in the filename of an attachment if you got it just
> right. That would be Very Bad.
>
>> Thanks,
>> Ken
>>
>> Ken Goods
>> Network Administrator
>> CropUSA Insurance, Inc.
>>
>
> Jules
Thanks Anthony, Glenn, and Jules, I read this list religiously and once you
guys answered I got the *whack* on the head that reminded me that this has
been addressed before. I really appreciate the demeanor of this list... I
should have been drawn and quartered... :) Been a tough week... :)
Thanks again to all and kind regards,
Ken
Ken Goods
Network Administrator
CropUSA Insurance, Inc.
More information about the MailScanner
mailing list