Regarding Very long filenames....
Peter Bonivart
bonivart at opencsw.org
Thu Jul 21 12:40:32 IST 2011
On Thu, Jul 21, 2011 at 1:17 PM, sonidhaval at gmail.com
<sonidhaval at gmail.com> wrote:
> I am getting below error and pdf's are getting blocked in Mail Scanner.
>
> Very long filenames are good signs of attacks against Microsoft e-mail
> packages (WSComparison_P.pdf)
That filename is actually a lot longer than you see there, it's
sanitized for security before being logged. I assume you quarantine
blocked mail so you can take a look there at the original filename.
It's this rule in %etc-dir%/filenames.rules.conf that is blocking it:
deny .{150,} Very long filename, possible OE attack
Very long filenames are good
signs of attacks against Microsoft e-mail packages
Feel free to bump up 150 to something higher if you think that's a
good idea. In my experience whenever a filename contains anything else
than 7bit ASCII it adds a lot to it's length when it's being
ISO-encoded.
/peter
More information about the MailScanner
mailing list