possible file detection bug
Tiago Meireles
tmeireles at electroind.com
Wed Oct 5 13:48:45 UTC 2016
Mark,
It is easily avoided by not using spaces correct?
Thanks,
Tiago
-----Original Message-----
From: MailScanner
[mailto:mailscanner-bounces+tmeireles=electroind.com at lists.mailscanner.info]
On Behalf Of Mark Sapiro
Sent: Wednesday, October 5, 2016 1:10 AM
To: mailscanner at lists.mailscanner.info
Subject: Re: possible file detection bug
On 10/04/2016 08:08 AM, Tiago Meireles wrote:
> I have an engineer trying to email files. The name and extension of
> one being "Test 128 Screen File(9-20-16).screen-bin" Mail scanner
> seems to detect it incorrectly, it reports as follows.
>
> Report: Report: MailScanner: Windows Screensavers are often used to
> hide viruses (Test 128 Scre.scr)
>
> Any thoughts? Anyone ran into a similar situation before?
The issue is MailScanner makes a "safe name" for various display and other
purposes. Then MailScanner's Filename Rules check, checks both the original
name and the safe name. The issue in your case is that the embedded spaces
in the name cause both the name and the "extension" part of the safe name to
be truncated so the resultant safe name is 'Test 128 Scre.scr' which hits
the .scr file name rule.
See 'sub MakeNameSafe' and 'sub IsNameEvil' in MailScanner/Message.pm.
Arguably, this is a bug, but it is easily avoided.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
More information about the MailScanner
mailing list