filename checks = wrong filename report

[Julian Field]

Sylvain Phaneuf wrote:
>>>> On 09/07/2008 at 10:26, shuttlebox <shuttlebox at gmail.com> wrote:
>>>>         
>> The filename in the report is the sanitized version. I've had the same
>> problem explaining to users that the original filename was longer than
>> 150 characters when the reported one is clearly shorter. I just added
>> a few explaining words to the reports to solve the problem.
>>     
>
> I would rather have a report that is not using a "sanitized version" if it were possible. 
>   
And what happens when someone sends you an attachment whose filename is 
very long and contains embedded newlines and whitespace and stuff like 
that. Now you can embed a MIME section in the filename itself. Now you 
can generate a report that actually has an attachment in it, solely 
created by the "filename" of the rogue attachment. Now you can actually 
embed a virus in the report, using the report of the original "filename" 
as the vector for including it.

Oh yes, I want that! :-(

Sorry, but this is a *very* bad idea, and I'm not going to write it.

I only ever put sanitised versions of filenames in any output produced 
by MailScanner. Otherwise some bright spark will work out how to do what 
I describe above. MailScanner has a very good reputation in the software 
security world, and I intend to keep it. :-)

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.