Very long filenames?

Julian Field MailScanner at ecs.soton.ac.uk
Fri Feb 22 12:09:22 GMT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The filename reported has been sanitised before inclusion in the report.
This is to ensure that no attacks can be launched by doing nasty things 
like putting a valid MIME section in a very long filename, and then 
getting MailScanner to report that (complete) filename in an email report.

Bjørn T Johansen wrote:
> Why does mailscanner stop this file?
>
>
>
>
> The original e-mail attachment "Hovedregelen e.doc"
>
> is on the list of unacceptable attachments for this site and has been
>
> replaced by this warning message.
>
>  
>
> If you wish to receive a copy of the original attachment, please
>
> e-mail helpdesk and include the whole of this message
>
> in your request. Alternatively, you can call them, with
>
> the contents of this message to hand when you call.
>
>  
>
> At Fri Feb 22 09:49:33 2008 the virus scanner said:
>
>    MailScanner: Very long filenames are good signs of attacks against
> Microsoft e-mail packages (Hovedregelen e.doc)
>
>
>
> The only option I can find in filenames.rules.conf is this..:
>
> deny    .{150,}                 Very long filename, possible OE attack 
>
>
> My regexp isn't what it should be, so what does this mean? I don't think this filename is long....?
>
>
> Regards,
>
> BTJ
>  
>
>   

Jules

- -- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.0 (Build 2158)
Comment: (pgp-secured)
Charset: ISO-8859-1

wj8DBQFHvrtzEfZZRxQVtlQRAjmzAKDMc/Zr7cmDvUBavYXigp5q4HdeawCaA4fU
Rd/A7sUY4olZ+10PaLieGfg=
=LFn3
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list