Mailscanner filename check and report
brose at med.wayne.edu
Sat Nov 10 14:37:13 GMT 2007
I've been using MailScanner for years and I seen this issue a couple
times before but just assumed it was a user mistake. I've seen
sender.filename.report sends back a message with the wrong $filename
string. What is sends back is a random string of characters.
The message says
One or more of the attachments (VAmRh3qo9P) are on the list of
unacceptable attachments for this site and will not have been delivered.
Consider renaming the files to avoid this constraint.
The virus detector said this about the message:
Report: Report: Attempt to hide real filename extension (VAmRh3qo9P)
But in the maillogs, it has the real filename
Nov 8 10:09:33 eeyore MailScanner: Message lA8F96O2031926 from
184.108.40.206 (cadams2 at dmc.org) to med.wayne.edu is too big for spam
checks (2826228 > 200000 bytes)
Nov 8 10:10:23 eeyore MailScanner: Expanding TNEF archive at
Nov 8 10:10:24 eeyore MailScanner: Message lA8F96O2031926 added
TNEF contents RHO Flip Education.lg.10.31.20071.ppt.doc,RHO Flip
Nov 8 10:10:24 eeyore MailScanner: Message lA8F96O2031926 has
had TNEF winmail.dat removed
Nov 8 10:10:28 eeyore MailScanner: Filename Checks: Found
possible filename hiding (lA8F96O2031926 RHO Flip
Nov 8 10:10:36 eeyore MailScanner: Logging message
lA8F96O2031926 to SQL
Nov 8 10:10:36 eeyore MailScanner: lA8F96O2031926: Logged to
I'm not sure of the conditions that lead to this because it doesn't
always happen and if I test myself, the sender.filename.report message
is correct. Anyone else seen this before?
More information about the MailScanner