Problem with mailscanner after upgrading to newest (filename checks)

[Julian Field]

On 11/2/09 16:16, Steve Campbell wrote:
>
>
> jonas at vrt.dk wrote:
>>
>> Hi list
>>
>>
>>
>> I got a problem after upgrading to latest mailscanner:
>>
>>
>>
>> scanner0 MailScanner[30533]: Spam Checks completed at 11761 bytes per 
>> second
>>
>> scanner0 MailScanner[30533]: Filename Checks: Filename contains lots 
>> of white space (1LWooQ-0004kj-1j              195752.pdf)
>>
>> scanner0 MailScanner[30533]: Other Checks: Found 1 problems
>>
>>
>>
>> This looks a bit weird to me, is that how it normally looks? A msgid 
>> and then a filename without any commas or anything?
>>
>>
>>
>> My issue is that mailwatch, the reports etc all report the filename 
>> as being:
>>
>>
>>
>> Mailwatch:
>>
>> MailScanner: A long gap in a name is often used to hide part of it 
>> (195752.pdf)
>>
>>
>>
>>
>>
>>
>>
>> Report: MailScanner: A long gap in a name is often used to hide part 
>> of it
>>
>> (195752.pdf)
>>
>>
>>
>> In both places the filename does not apaer to contain spaces.
>>
MailScanner (and MailWatch) sanitise the filenames before reporting 
them, as passing untrusted data to the output of any system is a very 
bad idea. So the filenames you see in the reports will have had long 
strings of spaces removed, and various other massaging techniques to 
ensure that no security vulnerabilities are introduced by reporting the 
original name of the attachment.

It has always done this, ever since version 1.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.