Why is this a hidden filename extension?
rlopezcnm at gmail.com
Mon Sep 21 19:01:16 IST 2009
On Sun, Sep 20, 2009 at 10:30 AM, Mark Sapiro <mark at msapiro.net> wrote:
> On Sat, Sep 19, 2009 at 09:05:54AM -0700, Mark Sapiro wrote:
>> So it appears that in your case, there actually was a double extension,
>> and that in the process of 'html escaping' the name, the second extension
>> was dropped. If the entire message is in the quarantine (Quarantine Whole
>> Message = yes), you can see the original file name there.
> Also, the original name should be in a MailScanner "Filename Checks"
> log message.
> Mark Sapiro mark at msapiro net The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
>From the maillog:
Sep 18 10:50:09 xxxxx MailScanner: Filename Checks: Found
possible filename hiding (5290B11B8.C17DE Motion & Order to
In the quarantine directory:
root at xxxxx:~# ls /var/spool/MailScanner/quarantine/20090918/5290B11B8.C17DE
Motion %26 Order.doc
What is in the quarantine dir is not the email message but the file only.
But you were correct the Filename Checks line has the double extension
Thank you for all the time you put into this and teaching me to
carefully examine the "Filename Checks" line.
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
More information about the MailScanner