Google maps blocked as .ico

Glenn Steen glenn.steen at gmail.com
Wed Feb 6 11:00:56 GMT 2008


On 06/02/2008, Erik Weber <twiztar at gmail.com> wrote:
> I tried to send an (html) email with the following <img> tag:
>
> <img height="185" alt=""
> src="http://mt.google.com/mapdata?cc=no&Point=b&Point.latitude_e6=52536486&Point.longitude_e6=13473255&Point.iconid=15&Point=e&zl=3&w=270&h=185"
>  >
>
> and it gets blocked with the following message:
> Feb  4 09:34:10 mr1 MailScanner[10893]: Filename Checks: Windows icon
> file security vulnerability (EC92781E7A.38B97
> mapdata?cc=no&Point=b&Point.latitude_e6=52536486&Point.longitude_e6=13473255&Point.iconid=15&Point=e&zl=3&w=270&h=185)
> Feb  4 09:34:10 mr1 MailScanner[10893]: Saved infected
> "mapdata%%3Fcc=no%%26.ico" to
> /var/spool/MailScanner/quarantine/20080204/EC92781E7A.38B97
>
> The only reference to .ico files I have is this in filename.rules.conf:
> deny    \.ico$                  Windows icon file security
> vulnerability                                        Possible buffer
> overflow in Windows
>
> Version information:
> This is Red Hat Enterprise Linux ES release 4 (Nahant Update 4)
> This is Perl version 5.008005 (5.8.5)
> 2.73    File::Basename
> 1.35    HTML::Entities
> 3.54    HTML::Parser
> 2.37    HTML::TokeParser
> 1.21    IO
> 1.10    IO::File
> 1.71    Mail::Header
> 3.05    MIME::Base64
> 5.420   MIME::Decoder
> 5.420   MIME::Decoder::UU
> 5.420   MIME::Head
> 5.420   MIME::Parser
> 3.03    MIME::QuotedPrint
> 5.420   MIME::Tools
>
> I've only taken the packages I believe are relevant; if anything is
> missing or unclear please let me know.
> Any tips, solutions, or advice on how to solve this are highly appreciated.
>
If you want to pass attachments that are windoze icon files (or at
least have that file name ending), then why don't you edit your copy
of filename.rules.conf and allow that?
Or is your gripe that this shouldn't have been treated as a file
attachment in the first place? If so, provide a copy (preferably the
message file from your quarantine) of the offending message... Put it
on pastebin or somesuch...:)

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
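
An added example, not part of the original thread and not MailScanner's own code: a small first-match evaluator for rules in the filename.rules.conf layout, run over the two names that appear in the quoted log lines. It shows that the `\.ico$` rule matches the name in the "Saved infected" line but not the name in the "Filename Checks" line. Assumptions: fields are tab-separated, the first matching rule wins, matching is case-insensitive, and the allow rule is a hypothetical narrow exception.

```python
import re

# Layout: action, regex, log text, user text. The deny line is the one quoted
# in the post; the allow line is hypothetical and not from the thread.
DENY_ICO = ("deny\t\\.ico$\tWindows icon file security vulnerability"
            "\tPossible buffer overflow in Windows")
ALLOW_MAPDATA = "allow\t^mapdata.*\\.ico$\t-\t-"

# The two names that appear in the quoted log lines.
NAME_IN_CHECK_LINE = ("mapdata?cc=no&Point=b&Point.latitude_e6=52536486"
                      "&Point.longitude_e6=13473255&Point.iconid=15"
                      "&Point=e&zl=3&w=270&h=185")
NAME_IN_SAVED_LINE = "mapdata%%3Fcc=no%%26.ico"


def parse_rules(lines):
    """Parse rule lines into (action, compiled regex, log text) tuples."""
    rules = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Tabs are assumed; runs of spaces are accepted for pasted rules.
        fields = re.split(r"\t+| {2,}", line, maxsplit=3)
        if len(fields) < 2 or fields[0].lower() not in ("allow", "deny"):
            raise ValueError("malformed rule: %r" % line)
        log_text = fields[2] if len(fields) > 2 else ""
        # Case-insensitive matching is an assumption of this example.
        regex = re.compile(fields[1], re.IGNORECASE)
        rules.append((fields[0].lower(), regex, log_text))
    return rules


def evaluate(rules, filename):
    """Return (action, pattern) of the first matching rule, or (None, None)."""
    for action, regex, _log_text in rules:
        if regex.search(filename):
            return action, regex.pattern
    return None, None


if __name__ == "__main__":
    for label, ruleset in (("deny only", [DENY_ICO]),
                           ("allow first", [ALLOW_MAPDATA, DENY_ICO])):
        rules = parse_rules(ruleset)
        for name in (NAME_IN_CHECK_LINE, NAME_IN_SAVED_LINE, "setup.ico"):
            print(label, "|", name[:30], "->", evaluate(rules, name))
```

Running candidate rule changes through a check like this before editing the live file shows whether an exception stays narrow: with the hypothetical allow rule first, `setup.ico` is still denied.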

