Found possible filename hiding

Questions and answers about how to do stuff
Post Reply
colin
Posts: 99
Joined: 13 Feb 2014 16:09

Found possible filename hiding

Post by colin »

From one sender I constantly get:
Filename Checks: Found possible filename hiding (65C986009E.AA458 email.foot.png)
and the mail is marked as Bad Content.

Is there anything I can do about this without compromising the system for other "bad Content" emails?
User avatar
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: Found possible filename hiding

Post by darky83 »

This is one item up for discussion.

The thing is that the system trips because of the multiple dots in the filename.
The setting for this is defined in /etc/MailScanner/filename.rules.conf

The item is meant to block items like file.png.ps1 or file.png.vbs etc..

Now there are already a bunch of rules in place that blocks .exe .com etc so you could say that it is save to disable the default deny rule (last line below # Deny all other double file extensions. This catches any hidden filenames.)

I have been thinking of disabling this by default as it gives way more headaches than that it actually saves you from getting a virus.
However it is a security issue.

Users input on this is always welcome :)
Version eFa 4.x now available!
Post Reply