home *** CD-ROM | disk | FTP | other *** search
- ###########################################################################
- # [Reject very long attachment filenames]
- #
- # Description: "Reject messages have attachments with very long filenames"
- # Keywords: "viruses, security, Exchange, Microsoft, Netscape, Explorer"
- # Category: "Junk mail detection"
- # Format: "{TRUE OR FALSE}"
- #
- # There is a well known security flaw in several mail programs, where an
- # email is sent with a file attachment to the victim, and the filename
- # of the attachment is extremely long. When the victim reads the message,
- # their mail program crashes due to the very long length of the filename,
- # and it is theoretically possible that the sender of the message could
- # run any program they want on the victims computer.
- #
- # While the ability to crash email clients with this security flaw has
- # been demonstrated, and is well known, the ability to run an arbitrary
- # program on the client machine by exploiting this flaw has only been
- # theorized: there are currently no known exploits of this theory.
- #
- # Nonetheless, if you use a mail client known to have this security
- # flaw, you might want to have MailShield check for very long filenames
- # in attachments, and have MailShield reject messages that appear to use
- # this exploit.
- #
- # This setting determines the filename length that is considered 'too
- # large' and rejects messages with attachments larger than this number.
- # A setting of 100 should be plenty large to allow normal attachments
- # through while prohibiting the exploitation of this security flaw.
- #
- # A setting of 0 disables this feature.
- #
- # By default, this feature is disabled.
- #
- # Instructions: "Please enter a maximum attachment filename size (in characters) below."
- 0
-
