BAD FILENAME DETECTED: something.[common-extension].pdf
Robert Lopez
rlopezcnm at gmail.com
Thu Sep 3 19:45:25 IST 2009
On Thu, Sep 3, 2009 at 12:36 PM, Kevin
Miller<Kevin_Miller at ci.juneau.ak.us> wrote:
> Most likely user error. Well, not error exactly, but user generated. There are any number of tools out there such as pdf995 or pdfCreator that will allow you to "print" a document to a pdf file. (Openoffice will export to a .pdf w/o a "printer" driver.) Makes it easy to share something in a universal format.
>
> What happens is users name their document "MyImportStuff.doc" then print/export to pdf via some mechanism which takes the original document name and appends .pdf to the end. Presto, it becomes MyImportStuff.doc.pdf, MailScanner steps on it, and Linux users the world over have a good chuckle at the foolishness of Microsoft for hiding file extensions by default, thus making social engineering exploits that much easier for the bad guys...
>
>
> ...Kevin
> --
> Kevin Miller Registered Linux User No: 307357
> CBJ MIS Dept. Network Systems Admin., Mail Admin.
> 155 South Seward Street ph: (907) 586-0242
> Juneau, Alaska 99801 fax: (907 586-4500
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Robert Lopez
> Sent: Thursday, September 03, 2009 10:19 AM
> To: MailScanner discussion
> Subject: BAD FILENAME DETECTED: something.[common-extension].pdf
>
> In watching all the BAD FILENAME DETECTED emails MailScanner sends to Postmaster ( Doing a wonderful job! ) I have noticed a lot of files that have that last ".pdf" after ".doc", ".docx", ".xls", etc.
>
> What is bothering me there are so many coming from US government agencies.
>
> Is there any chance some applications used by government agencies actually produce files named like these?
>
> --
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
Thanks Kevin. So I should be concerned I will sooner or later get
complaints as this may be interfering in business.
At first thoughts I do not want to change the file name rule but I may
have to white list those government agencies.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
More information about the MailScanner
mailing list