Problem with mailscanner after upgrading to newest (filename checks)

Rick Cooper rcooper at dwford.com
Wed Feb 11 16:11:18 GMT 2009 

The filename in the reports has been sanitized and made safe, it's not the
full and actual filename as was sent since it was determined to be
potentialy dangerous.
 
Rick


  _____  

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
jonas at vrt.dk
Sent: Wednesday, February 11, 2009 10:35 AM
To: mailscanner at lists.mailscanner.info
Subject: Problem with mailscanner after upgrading to newest (filename
checks)



Hi list

 

I got a problem after upgrading to latest mailscanner:

 

scanner0 MailScanner[30533]: Spam Checks completed at 11761 bytes per second

scanner0 MailScanner[30533]: Filename Checks: Filename contains lots of
white space (1LWooQ-0004kj-1j              195752.pdf)

scanner0 MailScanner[30533]: Other Checks: Found 1 problems

 

This looks a bit weird to me, is that how it normally looks? A msgid and
then a filename without any commas or anything?

 

My issue is that mailwatch, the reports etc all report the filename as
being:

 

Mailwatch:

MailScanner: A long gap in a name is often used to hide part of it
(195752.pdf)

 

 

The email report:

One or more of the attachments (195752.pdf) are on

the list of unacceptable attachments for this site and will not have

been delivered.

 

Consider renaming the files to avoid this constraint.

 

The virus detector said this about the message:

Report: MailScanner: A long gap in a name is often used to hide part of it

(195752.pdf)

 

In both places the filename does not apaer to contain spaces.

 

Let me dump some maybe related config vars:

 

Running on

Linux scanner0 2.6.18-6-686-bigmem #1 SMP Fri Dec 12 17:49:59 UTC 2008 i686
GNU/Linux

This is Perl version 5.008008 (5.8.8)

 

This is MailScanner version 4.74.16

Module versions are:

1.00    AnyDBM_File

1.26    Archive::Zip

0.23    bignum

1.04    Carp

1.41    Compress::Zlib

1.119   Convert::BinHex

0.17    Convert::TNEF

2.121_08        Data::Dumper

2.27    Date::Parse

1.00    DirHandle

1.05    Fcntl

2.74    File::Basename

2.09    File::Copy

2.01    FileHandle

2.07    File::Path

0.21    File::Temp

0.92    Filesys::Df

3.57    HTML::Entities

3.59    HTML::Parser

3.57    HTML::TokeParser

1.23    IO

1.14    IO::File

1.13    IO::Pipe

2.04    Mail::Header

1.89    Math::BigInt

0.22    Math::BigRat

3.07    MIME::Base64

5.427   MIME::Decoder

5.427   MIME::Decoder::UU

5.427   MIME::Head

5.427   MIME::Parser

3.07    MIME::QuotedPrint

5.427   MIME::Tools

0.11    Net::CIDR

1.25    Net::IP

0.16    OLE::Storage_Lite

1.04    Pod::Escapes

3.07    Pod::Simple

1.09    POSIX

1.19    Scalar::Util

1.78    Socket

2.18    Storable

1.4     Sys::Hostname::Long

0.27    Sys::Syslog

1.26    Test::Pod

0.86    Test::Simple

1.9715  Time::HiRes

1.02    Time::localtime

 

Optional module versions are:

1.42    Archive::Tar

0.23    bignum

2.03    Business::ISBN

20081208        Business::ISBN::Data

1.12    Data::Dump

1.814   DB_File

1.14    DBD::SQLite

1.607   DBI

1.15    Digest

1.01    Digest::HMAC

2.38    Digest::MD5

2.11    Digest::SHA1

1.01    Encode::Detect

0.17015 Error

0.24    ExtUtils::CBuilder

2.19    ExtUtils::ParseXS

2.37    Getopt::Long

0.45    Inline

1.08    IO::String

1.04    IO::Zlib

2.25    IP::Country

missing Mail::ClamAV

3.002005        Mail::SpamAssassin

v2.006  Mail::SPF

1.999001        Mail::SPF::Query

0.3     Module::Build

0.20    Net::CIDR::Lite

0.63    Net::DNS

v0.003  Net::DNS::Resolver::Programmable

0.39    Net::LDAP

 4.021  NetAddr::IP

1.94    Parse::RecDescent

missing SAVI

3.14    Test::Harness

1.22    Test::Manifest

2.0.0   Text::Balanced

1.37    URI

0.76    version

0.68    YAML

scanner0:/opt/MailScanner/etc#

 

 

In conf I got:

 

Expand TNEF = yes

Use TNEF Contents = replace

TNEF Expander = internal

 

Let me know if anybody can think of stuff I can try to fix this. If its an
issue at all. I guess my real question is how can I know if the attachment
had many whitespaces or not?

 

Med venlig hilsen / Best regards

 

Jonas Akrouh Larsen

 

TechBiz ApS

Laplandsgade 4, 2. sal

2300 København S

 

Office: 7020 0979

Direct: 3336 9974

Mobile: 5120 1096

Fax:    7020 0978

Web:  <http://www.techbiz.dk> www.techbiz.dk

 


-- 
This message has been scanned for viruses and 
dangerous content by  <http://www.mailscanner.info/> MailScanner, and is 
believed to be clean. 


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090211/b0693133/attachment.html

More information about the MailScanner mailing list