Mailscanner filename check and report

Rose, Bobby brose at
Sat Nov 10 14:37:13 GMT 2007

I've been using MailScanner for years and I seen this issue a couple
times before but just assumed it was a user mistake.  I've seen sends back a message with the wrong $filename
string.  What is sends back is a random string of characters.

The message says

One or more of the attachments (VAmRh3qo9P) are on the list of
unacceptable attachments for this site and will not have been delivered.

Consider renaming the files to avoid this constraint.

The virus detector said this about the message:
Report: Report: Attempt to hide real filename extension (VAmRh3qo9P)

But in the maillogs, it has the real filename

Nov  8 10:09:33 eeyore MailScanner[25630]: Message lA8F96O2031926 from (cadams2 at to is too big for spam
checks (2826228 > 200000 bytes)
Nov  8 10:10:23 eeyore MailScanner[25630]: Expanding TNEF archive at
Nov  8 10:10:24 eeyore MailScanner[25630]: Message lA8F96O2031926 added
TNEF contents RHO Flip Education.lg.10.31.20071.ppt.doc,RHO Flip
Nov  8 10:10:24 eeyore MailScanner[25630]: Message lA8F96O2031926 has
had TNEF winmail.dat removed
Nov  8 10:10:28 eeyore MailScanner[25630]: Filename Checks: Found
possible filename hiding (lA8F96O2031926 RHO Flip
Nov  8 10:10:36 eeyore MailScanner[25630]: Logging message
lA8F96O2031926 to SQL
Nov  8 10:10:36 eeyore MailScanner[25756]: lA8F96O2031926: Logged to
MailWatch SQL

I'm not sure of the conditions that lead to this because it doesn't
always happen and if I test myself, the message
is correct.  Anyone else seen this before?


More information about the MailScanner mailing list