possible file detection bug
Mark Sapiro
mark at msapiro.net
Wed Oct 5 05:09:47 UTC 2016
On 10/04/2016 08:08 AM, Tiago Meireles wrote:
> I have an engineer trying to email files. The name and extension of one
> being "Test 128 Screen File(9-20-16).screen-bin". MailScanner seems to
> detect it incorrectly; it reports as follows.
>
> Report: Report: MailScanner: Windows Screensavers are often used to hide
> viruses (Test 128 Scre.scr)
>
> Any thoughts? Has anyone run into a similar situation before?
The issue is MailScanner makes a "safe name" for various display and
other purposes. Then MailScanner's Filename Rules check checks both the
original name and the safe name. The issue in your case is that the
embedded spaces in the name cause both the name and the "extension" part
of the safe name to be truncated so the resultant safe name is 'Test 128
Scre.scr' which hits the .scr file name rule.
See 'sub MakeNameSafe' and 'sub IsNameEvil' in MailScanner/Message.pm.
Arguably, this is a bug, but it is easily avoided.
--
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
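
The two-name check described in the reply above, as an added example that is not part of the original message and not MailScanner's own code. It takes the original and safe names reported in this thread and shows how to tell a hit on the real name from a hit caused only by the derived safe name. The tab-separated rule layout, the rule lines themselves and the function names are assumptions made for this sketch.

```python
import re

# Constructed rule lines in an assumed tab-separated layout:
# action, pattern, log text, user-report text.
RULES_TEXT = (
    "deny\t\\.scr$\tScreensaver attachment\t"
    "Windows Screensavers are often used to hide viruses\n"
    "deny\t\\.exe$\tExecutable attachment\tExecutables are not allowed\n"
)


def parse_rules(text):
    """Parse rule lines into (action, compiled pattern, user text) tuples."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        action, pattern, _log_text, user_text = line.split("\t")
        rules.append((action, re.compile(pattern, re.IGNORECASE), user_text))
    return rules


def check_names(original, safe, rules):
    """Apply the first matching rule to both names.

    Returns (action, user_text, source) where source is "original" when the
    sender's filename matched, "safe-only" when only the derived safe name
    matched (a likely renaming artifact), or "none" when no rule matched.
    """
    for action, pattern, user_text in rules:
        hit_original = bool(pattern.search(original))
        hit_safe = bool(pattern.search(safe))
        if hit_original or hit_safe:
            source = "original" if hit_original else "safe-only"
            return action, user_text, source
    return "allow", "", "none"


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    # Names as reported in this thread.
    print(check_names("Test 128 Screen File(9-20-16).screen-bin",
                      "Test 128 Scre.scr", rules))
    # Constructed control case: the original name really ends in .scr.
    print(check_names("holiday.scr", "holiday.scr", rules))
```

A "safe-only" result on a quarantined attachment points at the safe-name derivation rather than at the sender's file, which is the situation in this report.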