Very long filenames?

[Ken Goods]

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> Ken Goods wrote:
>> I received this notification this morning.
>> 
>> Subject: Re:
>> MessageID: l5TDre77020228
>> Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228
>> Report: MailScanner: Very long filenames are good signs of attacks
>> against Microsoft e-mail packages (TCA2AR759CAY3E.jpg)
>> 
>> I was just wondering how long is a *long* filename? This doesn't
>> appear to be excessive as we commonly get Word documents that are
>> much longer. I looked around but couldn't find the upper limit that
>> triggers this rule. 
>> 
> The version you see in reports is the sanitised version of the
> filename. I don't ever output the original filename without
> sanitising it first. The original filename would have been a lot
> longer than this. 
> 
> The original filename could be used to attack either MailScanner or
> your email client. Imagine what happened if you had a long filename
> that contained MIME boundaries and headers in it? You could embed an
> entire virus in the filename of an attachment if you got it just
> right. That would be Very Bad.
> 
>> Thanks,
>> Ken
>> 
>> Ken Goods
>> Network Administrator
>> CropUSA Insurance, Inc.
>> 
> 
> Jules

Thanks Anthony, Glenn, and Jules, I read this list religiously and once you
guys answered I got the *whack* on the head that reminded me that this has
been addressed before. I really appreciate the demeanor of this list... I
should have been drawn and quartered... :) Been a tough week... :)

Thanks again to all and kind regards,
Ken

 
Ken Goods
Network Administrator
CropUSA Insurance, Inc.