filename rules
Denis Beauchemin
Denis.Beauchemin at USherbrooke.ca
Tue May 5 13:50:57 IST 2009
Jan Agermose a écrit :
>
> hi
>
>
>
> we see a few messages like this:
>
>
>
> The virus detector said this about the message:
> Report: Report: MailScanner: Attempt to hide real filename extension
> (invoice 657 L%F8.pdf)
>
>
>
>
>
> because people are using the dainsh chars æøå in the filenames - Im
> guessing other languages have the samme issues when people are
> attaching documents that are using special hars not in
>
>
>
> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$
>
>
>
> I would like to say "yea but its simply not allowed in the mail
> standard" - but im not even sure if its true or if its just an old
> rule not updated now that its 2009 and unicode or what ever.
>
>
>
> I dont actually see how it would hit this rule as there is only one \.
> in the filename and the rule seams to need two \. to hit... But I dont
> find any other rules having the response "Attempt to hide real
> filename extension".
>
>
>
>
>
Jan,
I doubt this is the rule that matched (unless the filename you provided
isn't complete because it was sanitized). You are right about the 2 \.
This rule wants to deny files such as filename.pdf.exe. I disabled this
rule a long while ago. I have never permitted EXE|COM|REG|BAT and many
other dangerous file extensions anyways.
Maybe the filetype rules got involved instead?
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045
More information about the MailScanner
mailing list