Mailscanner filename and filetype rules
Alex Neuman van der Hans
alex at rtpty.com
Fri Dec 19 20:28:30 GMT 2008
Let's not. A carefully constructed file meeting your criteria for
"safe" could get past all three.
On Dec 19, 2008, at 1:43 PM, traced <traced at xpear.de> wrote:
> Hi,
>
> do you use the default settings shipped with mailscanner for
> filename- and type checking? I played around with them the last few
> days, and think that they are, hmm, let's call them paranoid.
>
> My users are sending a lot of zipped files across the web,
> containing Word documents, PowerPoint presentations, and sometimes
> complete zipped folders, including some .lnk Windows link files.
> Such mails never go through the gates, here's an example:
>
> Am Fri Dec 19 18:06:01 2008 meldete der Virenscanner folgendes:
> MailScanner: Possible Eudora *.lnk security hole attack
> (leereStammdaten.lnk.lnk)
> MailScanner: Possible Eudora *.lnk security hole attack (Verknpfu
> ngmit.lnk)
> MailScanner: Possible Eudora *.lnk security hole attack (Verknpfu
> ngmitAufbauformulare.doc.lnk)
> MailScanner: No programs allowed (MouseHook.dll)
> MailScanner: Possible Eudora *.lnk security hole attack (Verknpfu
> ngmitVertrag.doc.lnk)
> MailScanner: Found possible filename hiding (170_HNR27Angeb.dot)
>
> How do you handle this? Should I give more trust to my virus
> scanners? I use Clam, and Avira Antivir on my gates.
>
> Thanks a lot,
> Bastian