Mailscanner filename check and report

Julian Field MailScanner at
Sat Nov 10 16:18:16 GMT 2007

Hash: SHA1

I would be very interested if someone can give me a reproducible example 
of when it goes wrong. Before I get that, there's unfortunately very 
little I can do about this problem, sorry.

Rose, Bobby wrote:
> I've been using MailScanner for years and I seen this issue a couple
> times before but just assumed it was a user mistake.  I've seen
> sends back a message with the wrong $filename
> string.  What is sends back is a random string of characters.
> The message says
> One or more of the attachments (VAmRh3qo9P) are on the list of
> unacceptable attachments for this site and will not have been delivered.
> Consider renaming the files to avoid this constraint.
> The virus detector said this about the message:
> Report: Report: Attempt to hide real filename extension (VAmRh3qo9P)
> But in the maillogs, it has the real filename
> Nov  8 10:09:33 eeyore MailScanner[25630]: Message lA8F96O2031926 from
> (cadams2 at to is too big for spam
> checks (2826228 > 200000 bytes)
> Nov  8 10:10:23 eeyore MailScanner[25630]: Expanding TNEF archive at
> /var/spool/MailScanner/incoming/25630/lA8F96O2031926/winmail.dat
> Nov  8 10:10:24 eeyore MailScanner[25630]: Message lA8F96O2031926 added
> TNEF contents RHO Flip Education.lg.10.31.20071.ppt.doc,RHO Flip
> Education.lg.10.31.20071.ppt
> Nov  8 10:10:24 eeyore MailScanner[25630]: Message lA8F96O2031926 has
> had TNEF winmail.dat removed
> Nov  8 10:10:28 eeyore MailScanner[25630]: Filename Checks: Found
> possible filename hiding (lA8F96O2031926 RHO Flip
> Education.lg.10.31.20071.ppt.doc)
> Nov  8 10:10:36 eeyore MailScanner[25630]: Logging message
> lA8F96O2031926 to SQL
> Nov  8 10:10:36 eeyore MailScanner[25756]: lA8F96O2031926: Logged to
> MailWatch SQL
> I'm not sure of the conditions that lead to this because it doesn't
> always happen and if I test myself, the message
> is correct.  Anyone else seen this before?
> -=B


- -- 
Julian Field MEng CITP
Buy the MailScanner book at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit

Version: PGP Desktop 9.7.0 (Build 867)
Comment: Use Thunderbird's Enigmail add-on to verify this message
Charset: ISO-8859-1


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list