[Mimedefang] False positives in filter_bad_filename

Fernando Gleiser fgleiser at cactus.fi.uba.ar
Fri Jul 1 15:01:35 EDT 2005


Some users are complaining MIMEDefang blocks some attachs in legitimate
mail. The attachs are mostly Excell or Word documents with names like
this:

Fondo Fijo  inform. balance.xls

as you can see from the logs:

Jul  1 13:19:23 mail2 mimedefang.pl[21359]: MDLOG,j61GJNn3023427,bad_filename,Fondo Fijo Agencia inform. balance.xls,application/vnd.ms-excel,<meroteuser at remotedomain.com.ar>,<user at mydomain.com.ar>,AGENCIA MENDOZA- FONDO FIJO AL 30/6/2005
Jul  1 15:27:19 mail2 mimedefang.pl[24289]: MDLOG,j61IRJn3026073,bad_filename,Fondo Fijo  inform. balance.xls,application/vnd.ms-excel,<meroteuser at mydomain.com.ar>,<user at holansud.com.ar>,Fw: cierre de balance al 30.06.05
Jul  1 15:36:29 mail2 mimedefang.pl[24289]: MDLOG,j61IaTn3026247,bad_filename,Fondo Fijo  inform. balance.xls,application/vnd.ms-excel,<meroteuser at remotedomain.com.ar>,<user at mydomain.com.ar>,Re: cierre de balance al 30.06.05

I thik the fact that the filename has a "." and lots of blank spaces in it 
triggers the false positive but I couldn't find where.

iI wrote a "bare bones" version of filter_bad_filename to check it:

#!/usr/bin/perl -w

$bad_exts = '(ade|adp|app|asd|asf|asx|avi|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|mov|mpe?g|mp3|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd||wmv|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';

$re = '\.' . $bad_exts . '\.*$';

while (<>) {
 	print "Match!" if ($_ =~/$re/);
}

and I tried it with

echo "Fondo Fijo  inform. balance.xls" | perl re_test.pl

but it didn't return a match.

Can anyone tell me why the attach was rejected? and what can I do to fix it

Thanks in advance


 				Fer



More information about the MIMEDefang mailing list