Blocking custom file extension is not working

Mark Sapiro mark at
Sat Feb 6 04:39:49 UTC 2016

On 02/05/2016 01:56 AM, Pieter Goris wrote:
> .dll are being blocked from any source but 1,

Just for curiousity, I ran the tests to see what the mail
looks like. Several of the messages disguise the filename in various
ways. I found things such as


This is an RFC2231 encoded parameter and decodes to


The fact that MailScanner doesn't recognize this encoded name as *.bat
can be considered a MailScanner bug.


This is not compliant with RFC 2047. Parameter name are not allowed to
have quotes. Thus this should not be recognized as a name parameter.


This was part of a Content-Type: header (and Content-Disposition: had a
similar filename= parameter)

The fact that the .bat part does not begin with white space means that
it is not a 'continuation' but is the start of a new header. The '\' is
meaningless in this context and the name is simply 'attached\'.

Based on these results, it is my opinion that this site is sending
bogus, non-compliant messages and telling you that if your scanner
doesn't stop them, you should buy theirs.

This does point out one issue in that MailScanner should recognize the
RFC 2231 encoded name and apparently doesn't, but the rest of it is
non-compliant ways of making things that look like bad names but in fact
are not valid names at all.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list