Filename FP ?

UxBoD uxbod at splatnix.net
Tue Oct 23 13:38:08 IST 2007


Hi,

I am running the latest release of MS and noticed this morning that a file to one of our users got blocked with the following :-

MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (467-2007-Flexs.doc)

From what I can see the old thing that triggers this is in filename.rules.conf which has :-

deny   .{150,}                 Very long filename, possible OE attack                                          Very long filenames are good signs of attacks against Microsoft e-mail packages

Yet if I run the following against that filename :-

#!/usr/bin/perl
use strict;
use warnings;

# Test the reported filename against the regex from the deny rule.
my $x = "467-2007-Flexs.doc";
if ($x =~ /.{150,}/ ) { print "YES\n"; }

It does not get triggered.  Any ideas ? I have looked at SweepOther.pm and nothing jumps out at me :(

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
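
A small diagnostic for the question above, added here as an example and not part of the original post or of MailScanner's own code: it applies rule lines in the quoted four-field layout to a candidate filename and reports the first rule that matches, together with the name's length. The `allow .*` catch-all, the 160-character name, tab-separated fields, case-insensitive matching and first-match-wins ordering are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in the four-field layout of the rule quoted above:
# action, regex, log text, user-report text (fields split on tabs here).
my @rule_lines = (
    "deny\t.{150,}\tVery long filename, possible OE attack\tVery long filenames are good signs of attacks against Microsoft e-mail packages",
    "allow\t.*\t-\t-",    # assumed catch-all, not taken from the post
);

# Parse rule lines, skipping blanks and comments; skip unusable regexes.
sub parse_rules {
    my @rules;
    for my $line (@_) {
        next if $line =~ /^\s*(#|$)/;
        my ($action, $re, $log, $report) = split /\t+/, $line, 4;
        my $compiled = eval { qr/$re/i };    # case-insensitive: assumption
        if (!defined $compiled) { warn "bad regex skipped: $re\n"; next; }
        push @rules, { action => lc($action), re => $compiled, src => $re, log => $log };
    }
    return @rules;
}

# Return the first rule whose regex matches (first-match-wins is assumed).
sub first_match {
    my ($name, @rules) = @_;
    for my $r (@rules) {
        return $r if $name =~ $r->{re};
    }
    return;
}

my @rules = parse_rules(@rule_lines);
# The reported name from the post, plus a constructed 160-character name.
for my $name ("467-2007-Flexs.doc", ("A" x 156) . ".doc") {
    my $hit = first_match($name, @rules);
    printf "%-4d chars  %-5s  rule /%s/  (%s)\n",
        length($name),
        $hit ? $hit->{action} : "none",
        $hit ? $hit->{src}    : "-",
        $hit ? $hit->{log}    : "no rule matched";
}
```

Feeding it the exact filename string taken from the raw MIME headers of the blocked message, rather than the name shown in the report, shows what length and rule the string under test actually produces.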

