filename rules

Denis Beauchemin Denis.Beauchemin at USherbrooke.ca
Tue May 5 13:50:57 IST 2009


Jan Agermose a écrit :
>
> hi
>
>  
>
> we see a few messages like this:
>
>  
>
> The virus detector said this about the message:
> Report: Report: MailScanner: Attempt to hide real filename extension 
> (invoice 657 L%F8.pdf)
>
>  
>
>  
>
> because people are using the dainsh chars æøå in the filenames - Im 
> guessing other languages have the samme issues when people are 
> attaching documents that are using special hars not in
>
>  
>
> \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$
>
>  
>
> I would like to say "yea but its simply not allowed in the mail 
> standard" - but im not even sure if its true or if its just an old 
> rule not updated now that its 2009 and unicode or what ever.
>
>  
>
> I dont actually see how it would hit this rule as there is only one \. 
> in the filename and the rule seams to need two \. to hit... But I dont 
> find any other rules having the response "Attempt to hide real 
> filename extension".
>
>  
>
>  
>
Jan,

I doubt this is the rule that matched (unless the filename you provided 
isn't complete because it was sanitized).  You are right about the 2 \. 
This rule wants to deny files such as filename.pdf.exe.  I disabled this 
rule a long while ago. I have never permitted EXE|COM|REG|BAT and many 
other dangerous file extensions anyways.

Maybe the filetype rules got involved instead?

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045




More information about the MailScanner mailing list