filename checks = wrong filename report

Sylvain Phaneuf Sylvain.Phaneuf at
Thu Jul 10 08:29:24 IST 2008

>>> Scott Silva <ssilva at> 10/07/2008 00:00 >>>

> And this would be feasible in the body text of a text/plain message 
> section? (which is ultimately what the report is)
> At that point they could just send the exploit in a message body and not 
> bother with a file in the first place.
>> ooohoheresmyreallyscarrrylongfilenamethatcouldbufferoverflowyourpcandletmerunwhateverIwantonit.exe 
>> See, nothing happened, did it? Even if it was thousands of characters 
>> long, it would be no different, because it's in the body text.
> How about when that longscaryfilename..... gets sent to syslog. That is 
> another reason to sanitize the names.
> Julian didn't set it that way to be easier, or to mess with users. He has 
> listed all the reasons in the past, I just can't remember them all.

Sorry, I had not realised this had been discussed in the past. I can't keep up with the MailScanner list people!

I will try to search the archives... 

I see the point about 150 characters limit, but the filename I see in my log is 
and it is 42 characters long.  This attachment was not > 150 characters and yet it's name was sanitized. That's what is really confusing. The sanitizing hides the real fact that caused it to be blocked: it contains multiple extensions. Could the length of the filename trigger a different report that when an attachment has multiple extensions?


More information about the MailScanner mailing list