Why is this a hidden filename extension?

Robert Lopez rlopezcnm at gmail.com
Mon Sep 21 19:01:16 IST 2009

On Sun, Sep 20, 2009 at 10:30 AM, Mark Sapiro <mark at msapiro.net> wrote:
> On Sat, Sep 19, 2009 at 09:05:54AM -0700, Mark Sapiro wrote:
>> So it appears that in your case, there actually was a double extension,
>> and that in the process of 'html escaping' the name, the second extension
>> was dropped. If the entire message is in the quarantine (Quarantine Whole
>> Message = yes), you can see the original file name there.
> Also, the original name should be in a MailScanner "Filename Checks"
> log message.
> --
> Mark Sapiro mark at msapiro net       The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!

>From the maillog:
Sep 18 10:50:09 xxxxx  MailScanner[16724]: Filename Checks: Found
possible filename hiding (5290B11B8.C17DE Motion & Order to

In the quarantine directory:
root at xxxxx:~# ls /var/spool/MailScanner/quarantine/20090918/5290B11B8.C17DE
Motion %26 Order.doc

What is in the quarantine dir is not the email message but the file only.
But you were correct the Filename Checks line has the double extension
of .word.doc.
Thank you for all the time you put into this and teaching me to
carefully examine the "Filename Checks" line.

Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106

More information about the MailScanner mailing list