wrong detection of file?
L.P.H. van Belle
belle at bazuin.nl
Wed May 29 07:24:13 UTC 2019
Hai and thank you all for the replies.
Quote: I suspect the filename parser in MailScanner is not parsing the filename properly and is perhaps treating spaced elements of the filename as separate strings.
I agree here.
Im running Debian 9, latest mailscanner, mailwatch for some years now, the systems in highly tuned for the company.
We process a lot of pdf doc rtf files and this is the first in a long time thats failed.
So somehere in this file name : SSL Server Test hostname.example.com (Powered by Qualys SSL Labs).pdf
The regexp is going wrong.
I rechecked the mimetype also just to be sure, that shows the pdf file correctly.
Its simple to test youself, goto ssllabs.com, test a webserver, safe the file.
Then i saved to PDF with the default windows 10 pdf printer and mailed.
Ps, im 2 weeks offline, so i can test this in short term.
I consider it low prio, but im my opinion its a bug.
Thats why i reported it.
Greetz,
Louis
________________________________
Van: MailScanner [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner.info] Namens Alex Neuman
Verzonden: dinsdag 28 mei 2019 17:52
Aan: MailScanner Discussion
Onderwerp: Re: wrong detection of file?
Or the MIME encoding is splitting it... still, periods in the middle of files have been seen as an inconvenience for some time. There's even a rule for "double extensions" since they can be used to trick people into opening them by naming them filename.doc.exe.
On May 28, 2019, at 5:50 PM, Shawn Iverson via MailScanner <mailscanner at lists.mailscanner.info> wrote:
Although I agree with you, a file with .com in the middle of it, however, should not match. I suspect the filename parser in MailScanner is not parsing the filename properly and is perhaps treating spaced elements of the filename as separate strings.
On Tue, May 28, 2019 at 11:38 AM Peter Farrow <peter.farrow at togethia.net> wrote:
Dear Louis,
A file ending in ".com" is a computer code executable program.
Mailscanner is seeing "example.com <http://example.com/> " and disallowing it as a potential executable.
This is normal expected and by design behaviour,
Pete
<signature.JPG>
On 28/05/2019 15:43, L.P.H. van Belle via MailScanner wrote:
Hai Shawn,
Have you ever seen something like this.
I just e-mailed a file, with a name as shown below.
SSL Server Test hostname.example.com <http://hostname.example.com/> (Powered by Qualys SSL Labs).pdf
The resport shows :
Message: Executable DOS/Windows programs are dangerous in email (SSL Server Tes.com)
And its shown in mailwatch as : application/pdf; charset=binary
Now the thing i dont get here is, how is the name "SSL Server Tes.com" constructed from
The name : SSL Server Test hostname.example.com <http://hostname.example.com/> (Powered by Qualys SSL Labs).pdf
I only change the hostname and domain here, i kept the format exact the same.
Greetz,
Louis
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
<https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_Zkh4eEs3R01yWXc&revid=0Bw5iD0ToYvs_QWpBK2Y2ajJtYjhOMDRFekZwK2xOamk5Q3Y0PQ> <https://docs.google.com/uc?export=download&id=1aBrlQou4gjB04FY-twHN_0Dn3GHVNxqa&revid=0Bw5iD0ToYvs_RnQ0eDhHcm95WHBFdkNRbXhQRXpoYkR6SEEwPQ> Cybersecurity <https://www.doe.in.gov/sites/default/files/cybersecurity/cybersecurity.png>
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
More information about the MailScanner
mailing list