<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<br>
<br>
<blockquote
cite="mid:8F2A53954C22554EB75D9643FCCE0C6B05A5F864@MED-CORE03-MS1.med.wayne.edu"
type="cite">
<pre wrap="">
-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</a>
[<a class="moz-txt-link-freetext" href="mailto:mailscanner-bounces@lists.mailscanner.info">mailto:mailscanner-bounces@lists.mailscanner.info</a>] On Behalf Of Julian
Field
Sent: Saturday, November 10, 2007 11:18 AM
To: MailScanner discussion
Subject: Re: Mailscanner filename check and report
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I would be very interested if someone can give me a reproducible example
of when it goes wrong. Before I get that, there's unfortunately very
little I can do about this problem, sorry.
Rose, Bobby wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
I've been using MailScanner for years and I seen this issue a couple
times before but just assumed it was a user mistake. I've seen
sender.filename.report sends back a message with the wrong $filename
string. What is sends back is a random string of characters.
The message says
One or more of the attachments (VAmRh3qo9P) are on the list of
unacceptable attachments for this site and will not have been
</pre>
</blockquote>
<pre wrap=""><!---->delivered.
</pre>
<blockquote type="cite">
<pre wrap="">Consider renaming the files to avoid this constraint.
The virus detector said this about the message:
Report: Report: Attempt to hide real filename extension (VAmRh3qo9P)
But in the maillogs, it has the real filename
</pre>
</blockquote>
</blockquote>
<br>
<blockquote
cite="mid:8F2A53954C22554EB75D9643FCCE0C6B05A5F864@MED-CORE03-MS1.med.wayne.edu"
type="cite">
<blockquote type="cite">
<pre wrap="">
I'm not sure of the conditions that lead to this because it doesn't
always happen and if I test myself, the sender.filename.report message
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<pre wrap="">is correct. Anyone else seen this before?
-=B
</pre>
</blockquote>
<pre wrap=""><!---->
Jules
- --
Julian Field MEng CITP</pre>
</blockquote>
contents RHO Flip Education.lg.10.31.20071.ppt.doc<br>
<pre wrap="">Dr_Vay_shopcart.aspx.htm</pre>
<br>
It might have something to do with the fact that the file names have
multiple "." periods within the filename. MailScanner's test might
think that they are trying to hide a file behind a second extension.
Especially bad for those with Windows with the view known extensions
off. An old virus trick was to call a file somthing like "
mycutethingclickme.doc.exe" And the poor user would only see the
"mycutethingclickme.doc". I think Jule's test might be warning of
that. Check and see if all the files that are getting held back are
multi-dotted. The two you reported certianly are.<br>
<br>
Greg. Borders<br>
Sysadmin "at large"<br>
</body>
<br />
--<br />
This email message and any document accompanying it may contain information intended only for the person(s) named.<br />
Any use, distribution, copying or disclosure by another person is strictly prohibited.<br />
NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION:<br />
DISCLOSURE UNDER TREASURY CIRCULAR 230:<br />
Any tax advice included in this written or electronic communication was not intended or written to be used,<br />
and it cannot be used by the taxpayer, for the purpose of avoiding any penalties that may be imposed on the taxpayer<br />
by any governmental taxing authority or agency.<br />
This written or electronic communication does not represent legal advice.<br />
Persons in need of a legal opinion should seek competent counsel.<br />
</html>