efa-project.org


https://forum.efa-project.org/

Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

https://forum.efa-project.org/viewtopic.php?t=2320

Page 1 of 1

Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

Posted: 05 Apr 2017 14:04
by ovizii
Mailscanner blocked an attachment with:
MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)
so I checked: /etc/MailScanner/filename.rules.conf and the rule triggered is:
# Due to a bug in Outlook Express, you can make the 2nd from last extension
# be what is used to run the file. So very long filenames must be denied,
# regardless of the final extension.
deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages
not sure how a file name of Reg No -2016%2.png triggers that, is it the % character maybe?

Re: Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

Posted: 05 Apr 2017 21:38
by shawniverson
That one is very weird. I think we should post throw this one at the MailScanner team.

Re: Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

Posted: 06 Apr 2017 07:55
by ovizii
https://github.com/MailScanner/v5/issues/48

Re: Very long filenames are good signs of attacks against Microsoft e-mail packages (Reg No -2016%2.png)

Posted: 07 Apr 2017 11:38
by ovizii
solved. the file name was indeed very long, the Mailwatch interface actually only shows it in a short form.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited