Very long filenames?

Bjørn T Johansen btj at havleik.no
Fri Feb 22 12:37:45 GMT 2008 

But how long is max length? And is there a way to find the original filename?

BTJ

On Fri, 22 Feb 2008 12:09:22 +0000
Julian Field <MailScanner at ecs.soton.ac.uk> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> The filename reported has been sanitised before inclusion in the report.
> This is to ensure that no attacks can be launched by doing nasty things 
> like putting a valid MIME section in a very long filename, and then 
> getting MailScanner to report that (complete) filename in an email report.
> 
> Bjørn T Johansen wrote:
> > Why does mailscanner stop this file?
> >
> >
> >
> >
> > The original e-mail attachment "Hovedregelen e.doc"
> >
> > is on the list of unacceptable attachments for this site and has been
> >
> > replaced by this warning message.
> >
> >  
> >
> > If you wish to receive a copy of the original attachment, please
> >
> > e-mail helpdesk and include the whole of this message
> >
> > in your request. Alternatively, you can call them, with
> >
> > the contents of this message to hand when you call.
> >
> >  
> >
> > At Fri Feb 22 09:49:33 2008 the virus scanner said:
> >
> >    MailScanner: Very long filenames are good signs of attacks against
> > Microsoft e-mail packages (Hovedregelen e.doc)
> >
> >
> >
> > The only option I can find in filenames.rules.conf is this..:
> >
> > deny    .{150,}                 Very long filename, possible OE attack 
> >
> >
> > My regexp isn't what it should be, so what does this mean? I don't think this filename is long....?
> >
> >
> > Regards,
> >
> > BTJ
> >  
> >
> >   
> 
> Jules
> 
> - -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.8.0 (Build 2158)
> Comment: (pgp-secured)
> Charset: ISO-8859-1
> 
> wj8DBQFHvrtzEfZZRxQVtlQRAjmzAKDMc/Zr7cmDvUBavYXigp5q4HdeawCaA4fU
> Rd/A7sUY4olZ+10PaLieGfg=
> =LFn3
> -----END PGP SIGNATURE-----
>

More information about the MailScanner mailing list