mailscann and japanese filename on attachement

Aram Yegenian aramyegenian at yahoo.com
Thu Jun 28 08:55:49 UTC 2007 

as the warning states, this vulnerability only affects
outlook express. so i would think that lotus notes
isn't affected by this kind of attack.

btw, there are other rules that you have to keep an
eye on. for instance there is a rule that says "Deny
all other double file extensions. This catches any
hidden filenames." this denies filenames like
hello.world.doc  i had a problem with that, because
some users insisted on sending these files and it kept
being quarantined. so keep an eye on the postmaster
mailbox, or whatever mailbox you configured that would
get these alerts, and change accordingly if needed.

regards,
aram yegenian


--- Tomoki Taniguchi <tomoki.taniguchi at gmail.com>
wrote:

> do you know if this will affect lotus notes users?
> i use mailscanner to filter mail before it arrives
> on our
> Lotus Domino server
> 
> 
> On 6/28/07, Aram Yegenian <aramyegenian at yahoo.com>
> wrote:
> > as the error message states, MailScanner is
> blocking
> > long filenames in case they're an attack against
> ms
> > outlook.
> >
> > what you can do is edit the file
> > /etc/MailScanner/filename.rules.conf and comment
> out
> > the line that begins with:
> > "deny    .{150,}                 Very long
> filename,
> > possible OE attack..."
> >
> > just be careful because this will make ms outlook
> > express users susceptible to that kind of attack.
> >
> > i did comment it out at my installation, but most
> of
> > the users use either thunderbird or apple mail,
> and
> > only a few use ms outlook (note that the warning
> says
> > outlook express)
> >
> > regards,
> > aram yegenian
> >
> > --- Tomoki Taniguchi <tomoki.taniguchi at gmail.com>
> > wrote:
> >
> > > OK strange...  i just tried to replicate the
> > > problem, but was able to
> > > receive japanese titled files just now....
> > >
> > > below is the original message.
> > >
> > > <SNIP>
> > > This is a message from the MailScanner E-Mail
> Virus
> > > Protection Service
> > >
> >
>
----------------------------------------------------------------------
> > > The original e-mail attachment "28J1B%28J_.xls"
> > > is on the list of unacceptable attachments for
> this
> > > site and has been
> > > replaced by this warning message.
> > >
> > > If you wish to receive a copy of the original
> > > attachment, please
> > > e-mail helpdesk and include the whole of this
> > > message
> > > in your request. Alternatively, you can call
> them,
> > > with
> > > the contents of this message to hand when you
> call.
> > >
> > > At Tue Mar 20 11:32:02 2007 the virus scanner
> said:
> > >    MailScanner: Very long filenames are good
> signs
> > > of attacks against
> > > Microsoft e-mail packages (28J1B%28J_.xls)
> > > <SNIP>
> > >
> > > On 6/28/07, Aram Yegenian
> <aramyegenian at yahoo.com>
> > > wrote:
> > > > Hi,
> > > >
> > > > What exactly is the error message you're
> getting?
> > > The
> > > > sender and receiver should get an email from
> > > > Mailscanner stating exactly why the email was
> > > > quarantined. After that you have to check
> > > > /etc/MailScanner/MailScanner.conf to see which
> > > rules
> > > > are being triggered. There's also
> > > > /etc/MailScanner/filename.rules.conf which
> > > contains
> > > > the actual list of rules.
> > > >
> > > > Regards,
> > > > Aram Yegenian
> > > >
> > > > --- Tomoki Taniguchi
> <tomoki.taniguchi at gmail.com>
> > > > wrote:
> > > >
> > > > > I have very simple postfix/Mailscanner
> > > > > system setup.  currently mailscanner
> > > > > quarentines attachments that have  a
> japanese
> > > > > filename.
> > > > > how do i get it so mailscanner doesn't
> > > quarentine a
> > > > > file
> > > > > just because it uses japanese filenames?
> > > > >
> > > > > tia,
> > > > > tomoki taniguchi
> > > > >
> > > > > --
> > > > > ubuntu-users mailing list
> > > > > ubuntu-users at lists.ubuntu.com
> > > > > Modify settings or unsubscribe at:
> > > > >
> > > >
> > >
> >
>
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
>
____________________________________________________________________________________
> > > > Moody friends. Drama queens. Your life? Nope!
> -
> > > their life, your story. Play Sims Stories at
> Yahoo!
> > > Games.
> > > > http://sims.yahoo.com/
> > > >
> > > > --
> > > > ubuntu-users mailing list
> > > > ubuntu-users at lists.ubuntu.com
> > > > Modify settings or unsubscribe at:
> > >
> >
>
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > > >
> > >
> > >
> > > --
> > > Tomoki Taniguchi
> > > SKYPE: taiyocable.com_taniguchi_tomoki
> > > MSN: tomoki_taniguchi at hotmail.com
> > > YAHOO: tomoki_taniguchi
> > > AIM: tomoki taniguchi
> > >
> > > --
> > > ubuntu-users mailing list
> > > ubuntu-users at lists.ubuntu.com
> > > Modify settings or unsubscribe at:
> > >
> >
>
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > >
> >
> >
> >
> >
> >
>
____________________________________________________________________________________
> > Sick sense of humor? Visit Yahoo! TV's
> > Comedy with an Edge to see what's on, when.
> > http://tv.yahoo.com/collections/222
> >
> > --
> > ubuntu-users mailing list
> > ubuntu-users at lists.ubuntu.com
> > Modify settings or unsubscribe at:
>
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >
> 
> 
> -- 
> Tomoki Taniguchi
> SKYPE: taiyocable.com_taniguchi_tomoki
> MSN: tomoki_taniguchi at hotmail.com
> YAHOO: tomoki_taniguchi
> AIM: tomoki taniguchi
> 
> -- 
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
>
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> 



       
____________________________________________________________________________________
Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
http://answers.yahoo.com/dir/?link=list&sid=396545469

More information about the ubuntu-users mailing list