filename checks = wrong filename report
Scott Silva
ssilva at sgvwater.com
Wed Jul 9 23:02:41 IST 2008
on 7-9-2008 2:43 AM Sylvain Phaneuf spake the following:
>>>> On 09/07/2008 at 10:26, shuttlebox <shuttlebox at gmail.com> wrote:
>> The filename in the report is the sanitized version. I've had the same
>> problem explaining to users that the original filename was longer than
>> 150 characters when the reported one is clearly shorter. I just added
>> a few explaining words to the reports to solve the problem.
>
> I would rather have a report that is not using a "sanitized version" if it were possible.
>
> I would prefer not saying to the user: trust us, we know this attachment is not good for you, even if the filename appears OK.
>
> And in the case I am reporting, the filename is less than 150 characters long anyway...
>
> Sylvain
>
But if the un-sanitized name has some buffer overflow or other attack in it,
you have a possible problem for the user. That is one reason why filenames are
sanitized.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/a10bdda8/signature.bin
More information about the MailScanner
mailing list