Closed Bug 271211 Opened 21 years ago Closed 18 years ago

TB sending barred EML attachment causes to be blocked by Antivirus servers

Categories

(Thunderbird :: General, defect)

Product:
Thunderbird
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 258454

People

(Reporter: berry, Assigned: mscott)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Reproducible: Always Steps to Reproduce: 1. get a message with subject "yourdomain.com" 2. create a new message including previous message as attachment (drag & drop) 3. send the email against qmail+clamav Actual Results: The email scanner intercepted it and stopped the entire message reaching its destination. The problem was reported to be: Disallowed double-barrelled attachment filename (yourdomain.com.eml)- potential virus Expected Results: I've follower the steps using MS Outlook (!) . The MS mailer converts dots (.) in underscores (_) so the attachment received was: yourdomain_com_eml and the antivirus let pass it. For sure this is a 'security' feature introduced by MS to, whatever, workaround the large amounts of spam/virus that ask to open attachment with name "porn.jpg.<LOTS_OF_WHITESPACES_HERE>.com in order to to trick MS users' zero knowledge :)
is this an enhancement request asking us to change .'s to _'s (except the last one which *should* remain so that the file has an extension...)?
Group: security
Whiteboard: [sg:nse]
(In reply to comment #1) > is this an enhancement request asking us to change .'s to _'s (except the last > one which *should* remain so that the file has an extension...)? I think, as a new enhancement we need to investigate how other mailers (Outlook, Outlook Express, IncrediMail) solved the specific problem and if it's a non intrusive solution. To solve the main problem in evidence, let's keep, for now, only the latest dot for the extension. Maybe a custom flag in Options Panel (Tools>Options>Attachments) to enable or disable the new enhancement , could be less intrusive for now. Ciao BB
(In reply to comment #0) > 1. get a message with subject "yourdomain.com" > 2. create a new message including previous message as attachment (drag & drop) > 3. send the email against qmail+clamav > > Actual Results: > The email scanner intercepted it and stopped the entire message reaching its > destination. > > The problem was reported to be: > Disallowed double-barrelled attachment filename (yourdomain.com.eml)- > potential virus I can't get to these actual results because, when I drag a message to another message as an attachment, it gets named "Attached Message" rather than named for the subject (bug 209629). Alternately, if I use Forward As Attachment, the name of the attachment is *only* the subject; .EML is not appended to the name (bug 220646). Which, in this case, would be "yourdomain.com" and so "potentially a virus." I know I've seen a bug about munging attachment names for the .COM case. I've also seen a bug about some virus scanner out there blocking messages with .EML attachments, which sounds to me like an overzealous scanner. I can't locate either of those bugs right now.
Whiteboard: [sg:nse]
QA Contact: general
... and bug 380354.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.