Werner Fleck wrote:
I attached an email showing the error. The critical lines are:
Content-Type: application/octet-stream; name="=?koi8-r?B?NC5wZGYuZXhl?=" Content-Disposition: attachment;
This was discussed last year, and is a known issue.
I ask for feedback/help from non-ASCII sites about just how things like Windows really handle file extensions. e.g. assuming Chinese treats *.EXE as executables, does it also treat some other (Chinese) extension as an executable? How does the locale choice present in such encoded filenames affect the extension? I just don't have enough background in foreign languages to know the answers to this.
At its heart, such encoded filenames have to be "normalized" back to a standard, predicable format with which you can ensure your quarantine-attachments.txt file looks for. Typically we'd have to start using other perl modules such as MIME::Base64 - which I am loathed to do unless there is dire need (I just don't like opening more files than are needed ;-)
I asked for help some time last year... I'm still waiting... :-)
PS: if you were seeing a particular file attachment getting through, you could always specifically block it - e.g. for the filename above:
Encoded filename: =?koi8-r?B?NC5wZGYuZXhl?= Seen by Q-S as: __koi8-r_b_nc5wzgyuzxhl__
So create a quarantine-attachment.txt entry to block "__koi8-r_b_nc5wzgyuzxhl__". Not nice, not comprehensive, but will work for such viruses IF they don't change their filenames. Of course, hopefully your AV will catch it.
I agree this is something that needs fixing, so feedback on locale/encoding issues appreciated!
-- Cheers
Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
