[Esd-l] {Filename?} Unexpected behaviour on "double-dotted" attachment filenames

Sanitizer List sanitizer at nyfix.co.uk
Thu Jun 2 05:48:14 PDT 2005

Warning: This message has had one or more attachments removed
Warning: (JavaConsole_1830_01062006.log.zip).
Warning: Please read the "SPC-Attachment-Warning.txt" attachment(s) for more information.

Hello John & List

Some of my users have been surprised to find that recent 'root-forwards' of wanted but Quarantined mail have contained Base 64
encoded content within a "SECURITY WARNING" attachment rather than the expected file attachment. This content is, of course, the
original attached file.

Investigation shows that the sanitizer copes with zip file attachments named in a 'double-dotted' format in this manner.

ie: <file>.log.zip becomes:-


The mail system has detected that the following
attachment may contain hazardous program code, is
a suspicious file type, or has a suspicious file name.
Do not trust it. Contact your system administrator immediately.

Scanner score: 0 (poisoned by name, scan skipped)

Content-Type: application/octet-stream; name="JavaConsole_1830_01062006.log.zip"
Content-Disposition: attachment; filename="JavaConsole_1830_01062006.log.zip"
Content-Transfer-Encoding: base64


Is this by design or have I misconfigured?  Can I configure to have such attachments ""properly"" processed?

(Correspondents have been requested to remit in 'single-dotted' form as a workaround)

MTIA for tips.


More information about the esd-l mailing list