mailscann and japanese filename on attachement

Tomoki Taniguchi tomoki.taniguchi at gmail.com
Thu Jun 28 09:02:45 UTC 2007 

thank you for all your help



On 6/28/07, Aram Yegenian <aramyegenian at yahoo.com> wrote:
> as the warning states, this vulnerability only affects
> outlook express. so i would think that lotus notes
> isn't affected by this kind of attack.
>
> btw, there are other rules that you have to keep an
> eye on. for instance there is a rule that says "Deny
> all other double file extensions. This catches any
> hidden filenames." this denies filenames like
> hello.world.doc  i had a problem with that, because
> some users insisted on sending these files and it kept
> being quarantined. so keep an eye on the postmaster
> mailbox, or whatever mailbox you configured that would
> get these alerts, and change accordingly if needed.
>
> regards,
> aram yegenian
>
>
> --- Tomoki Taniguchi <tomoki.taniguchi at gmail.com>
> wrote:
>
> > do you know if this will affect lotus notes users?
> > i use mailscanner to filter mail before it arrives
> > on our
> > Lotus Domino server
> >
> >
> > On 6/28/07, Aram Yegenian <aramyegenian at yahoo.com>
> > wrote:
> > > as the error message states, MailScanner is
> > blocking
> > > long filenames in case they're an attack against
> > ms
> > > outlook.
> > >
> > > what you can do is edit the file
> > > /etc/MailScanner/filename.rules.conf and comment
> > out
> > > the line that begins with:
> > > "deny    .{150,}                 Very long
> > filename,
> > > possible OE attack..."
> > >
> > > just be careful because this will make ms outlook
> > > express users susceptible to that kind of attack.
> > >
> > > i did comment it out at my installation, but most
> > of
> > > the users use either thunderbird or apple mail,
> > and
> > > only a few use ms outlook (note that the warning
> > says
> > > outlook express)
> > >
> > > regards,
> > > aram yegenian
> > >
> > > --- Tomoki Taniguchi <tomoki.taniguchi at gmail.com>
> > > wrote:
> > >
> > > > OK strange...  i just tried to replicate the
> > > > problem, but was able to
> > > > receive japanese titled files just now....
> > > >
> > > > below is the original message.
> > > >
> > > > <SNIP>
> > > > This is a message from the MailScanner E-Mail
> > Virus
> > > > Protection Service
> > > >
> > >
> >
> ----------------------------------------------------------------------
> > > > The original e-mail attachment "28J1B%28J_.xls"
> > > > is on the list of unacceptable attachments for
> > this
> > > > site and has been
> > > > replaced by this warning message.
> > > >
> > > > If you wish to receive a copy of the original
> > > > attachment, please
> > > > e-mail helpdesk and include the whole of this
> > > > message
> > > > in your request. Alternatively, you can call
> > them,
> > > > with
> > > > the contents of this message to hand when you
> > call.
> > > >
> > > > At Tue Mar 20 11:32:02 2007 the virus scanner
> > said:
> > > >    MailScanner: Very long filenames are good
> > signs
> > > > of attacks against
> > > > Microsoft e-mail packages (28J1B%28J_.xls)
> > > > <SNIP>
> > > >
> > > > On 6/28/07, Aram Yegenian
> > <aramyegenian at yahoo.com>
> > > > wrote:
> > > > > Hi,
> > > > >
> > > > > What exactly is the error message you're
> > getting?
> > > > The
> > > > > sender and receiver should get an email from
> > > > > Mailscanner stating exactly why the email was
> > > > > quarantined. After that you have to check
> > > > > /etc/MailScanner/MailScanner.conf to see which
> > > > rules
> > > > > are being triggered. There's also
> > > > > /etc/MailScanner/filename.rules.conf which
> > > > contains
> > > > > the actual list of rules.
> > > > >
> > > > > Regards,
> > > > > Aram Yegenian
> > > > >
> > > > > --- Tomoki Taniguchi
> > <tomoki.taniguchi at gmail.com>
> > > > > wrote:
> > > > >
> > > > > > I have very simple postfix/Mailscanner
> > > > > > system setup.  currently mailscanner
> > > > > > quarentines attachments that have  a
> > japanese
> > > > > > filename.
> > > > > > how do i get it so mailscanner doesn't
> > > > quarentine a
> > > > > > file
> > > > > > just because it uses japanese filenames?
> > > > > >
> > > > > > tia,
> > > > > > tomoki taniguchi
> > > > > >
> > > > > > --
> > > > > > ubuntu-users mailing list
> > > > > > ubuntu-users at lists.ubuntu.com
> > > > > > Modify settings or unsubscribe at:
> > > > > >
> > > > >
> > > >
> > >
> >
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> ____________________________________________________________________________________
> > > > > Moody friends. Drama queens. Your life? Nope!
> > -
> > > > their life, your story. Play Sims Stories at
> > Yahoo!
> > > > Games.
> > > > > http://sims.yahoo.com/
> > > > >
> > > > > --
> > > > > ubuntu-users mailing list
> > > > > ubuntu-users at lists.ubuntu.com
> > > > > Modify settings or unsubscribe at:
> > > >
> > >
> >
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > > > >
> > > >
> > > >
> > > > --
> > > > Tomoki Taniguchi
> > > > SKYPE: taiyocable.com_taniguchi_tomoki
> > > > MSN: tomoki_taniguchi at hotmail.com
> > > > YAHOO: tomoki_taniguchi
> > > > AIM: tomoki taniguchi
> > > >
> > > > --
> > > > ubuntu-users mailing list
> > > > ubuntu-users at lists.ubuntu.com
> > > > Modify settings or unsubscribe at:
> > > >
> > >
> >
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> ____________________________________________________________________________________
> > > Sick sense of humor? Visit Yahoo! TV's
> > > Comedy with an Edge to see what's on, when.
> > > http://tv.yahoo.com/collections/222
> > >
> > > --
> > > ubuntu-users mailing list
> > > ubuntu-users at lists.ubuntu.com
> > > Modify settings or unsubscribe at:
> >
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > >
> >
> >
> > --
> > Tomoki Taniguchi
> > SKYPE: taiyocable.com_taniguchi_tomoki
> > MSN: tomoki_taniguchi at hotmail.com
> > YAHOO: tomoki_taniguchi
> > AIM: tomoki taniguchi
> >
> > --
> > ubuntu-users mailing list
> > ubuntu-users at lists.ubuntu.com
> > Modify settings or unsubscribe at:
> >
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >
>
>
>
>
> ____________________________________________________________________________________
> Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
> http://answers.yahoo.com/dir/?link=list&sid=396545469
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>


-- 
Tomoki Taniguchi
SKYPE: taiyocable.com_taniguchi_tomoki
MSN: tomoki_taniguchi at hotmail.com
YAHOO: tomoki_taniguchi
AIM: tomoki taniguchi

More information about the ubuntu-users mailing list