Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

Report bugs and workarounds
Post Reply
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

Post by ovizii »

Mailscanner blocked an attachment with:
MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)
so I checked: /etc/MailScanner/filename.rules.conf and the rule triggered is:
# Due to a bug in Outlook Express, you can make the 2nd from last extension
# be what is used to run the file. So very long filenames must be denied,
# regardless of the final extension.
deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages
not sure how a file name of Reg No -2016%2.png triggers that, is it the % character maybe?
Top
User avatar
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:
Contact shawniverson

Re: Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

Post by shawniverson »

That one is very weird. I think we should post throw this one at the MailScanner team.
Top
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

Post by ovizii »

https://github.com/MailScanner/v5/issues/48
Top
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

Post by ovizii »

solved. the file name was indeed very long, the Mailwatch interface actually only shows it in a short form.
Top
Post Reply

Return to “3.x Bugs”