Filename reporting issue - was: Filename enconding in auto-zip feature

Julian Field MailScanner at ecs.soton.ac.uk
Wed Sep 30 09:16:57 IST 2009 


On 26/09/2009 12:01, Julian Field wrote:
> Mark Sapiro wrote:
>> On Thu, Sep 24, 2009 at 04:52:53PM +0100, Julian Field wrote:
>>> Please try out 4.78.16 which is available for download at 
>>> www.mailscanner.info.
>>>
>>> Hopefully the handling of Unicode and foreign characters sets in 
>>> attachment filenames will be a lot better than it was.
>>>
>>> Please let me know what you think.
>>>
>>> I am now approaching a stable release, so please report any and all 
>>> bugs as soon as you can.
>>>
>>
>>
>>
>> Hi Jules,
>>
>> What is the status of the filename reporting issue noted at
>>
>> http://lists.mailscanner.info/pipermail/mailscanner/2009-September/093259.html 
>>
>>
>> and discussed in the three messages at
>>
>> http://lists.mailscanner.info/pipermail/mailscanner/2009-September/093278.html 
>>
>>
>> http://lists.mailscanner.info/pipermail/mailscanner/2009-September/093279.html 
>>
>>
>> and
>>
>> http://lists.mailscanner.info/pipermail/mailscanner/2009-September/093285.html 
>>
>>
>> I have seen nothing further on this since my reply in the last of these
>> messages. I have just verified the issue still exists in 4.78.16
> I was unable to reproduce the problem. I tested the code that 
> generates the safe filenames, and it worked just as I expected.
> If you can send me the raw sendmail queue files of a message that 
> demonstrates the bug, I will take a look.
>
I have just re-read the original posting (093259.html) and the report 
there states that the filename-extension-hiding rule was still 
triggered, the only problem was with the filename reported in the logs 
and so on. The filename reported in all output is always the "sanitised" 
filename, not the original (potentially evil) filename.

I have just tried it out with a message with 3 file attached to it:
     Nasty & horrible.doc .doc
     Nasty&horrible.doc .doc
     Nasty&horrible.doc.zip
and in all cases it behaves just the way I would expect it to.

Other than the filenames reported, what do you actually think is going 
wrong?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list