[Mimedefang] Bad, bad_filename filtering ?

James B. Huber jbh at JudahNet.com
Wed Oct 8 19:59:01 EDT 2003 

Folks,
  I have a stupid issue. My wife tried to email me a
"web-page" in html format. Normally this is not an issue
as I allow ALL email from here to pass through. However...

Bottom line, is the "html" attachment has a name of:
filename="www.reason.com/links/links100703.shtml"
and the default filter, as well as the linux.org filters
and I suspect many other peoples, blows this out on the
"bad_filename" checks...Apparently the ".com" in the
filename is what's doing it.

First question, why are we checking anything of a
"path" component in the bad_filename check ? Or perhaps
better asked, why are we NOT calling the filename
what comes after DIRSEP (either "/" or "\" depending
upon your *NIX/Dos) ?
Any thoughts on how to go about getting the "last"
component of the filename to use in this check ?


The quarantined part-1 headers are below, but I think
the problem is apparent...or I'm slow and missing the
obvious.

Message-ID: <3F849AD1.3040102 at judahnet.com>
Date: Wed, 08 Oct 2003 19:16:33 -0400
From: "James B. Huber" <jbh at judahnet.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  jbh at judahnet.com
Subject: Reason
Content-Type: multipart/mixed;
boundary="------------020804030002000103090309"
[root at moses qdir-2003-10-08-19.16.33-001]# cat MSG.1
An attachment named www.reason.com/links/links100703.shtml was removed
from this document as it
constituted a security hazard.  If you require this document, please
contact
the sender and arrange an alternate means of receiving it.
 
[root at moses qdir-2003-10-08-19.16.33-001]# cat PART.1.HEADERS
Content-Type: text/html;
 name="www.reason.com/links/links100703.shtml"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="www.reason.com/links/links100703.shtml"
Content-Base: "http://www.reason.com/links/links10070
        3.shtml"
Content-Location: "http://www.reason.com/links/links10070
        3.shtml"


Regards,
Jim
-- 
======================================================================
James B. Huber                                        jbh at JudahNet.com
======================================================================

More information about the MIMEDefang mailing list