Closed Bug 271211 Opened 17 years ago Closed 14 years ago

TB sending barred EML attachment causes to be blocked by Antivirus servers

Categories

(Thunderbird :: General, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 258454

People

(Reporter: berry, Assigned: mscott)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

   

Reproducible: Always
Steps to Reproduce:
1. get a message with subject "yourdomain.com"
2. create a new message including previous message as attachment (drag & drop)
3. send the email against qmail+clamav


Actual Results:  
The email scanner intercepted it and stopped the entire message reaching its
destination.

The problem was reported to be:
Disallowed double-barrelled attachment filename (yourdomain.com.eml)- potential
virus


Expected Results:  
I've follower the steps using MS Outlook (!) .
The MS mailer converts dots (.) in underscores (_) so the attachment received was:
yourdomain_com_eml  and the antivirus let pass it.
For sure this is a 'security' feature introduced by MS to, whatever, workaround
the large amounts of spam/virus that ask to open attachment with name
"porn.jpg.<LOTS_OF_WHITESPACES_HERE>.com  in order to to trick MS users' zero
knowledge :)
is this an enhancement request asking us to change .'s to _'s (except the last
one which *should* remain so that the file has an extension...)?
Group: security
Whiteboard: [sg:nse]
(In reply to comment #1)
> is this an enhancement request asking us to change .'s to _'s (except the last
> one which *should* remain so that the file has an extension...)?

I think, as a new enhancement we need to investigate how other mailers (Outlook,
Outlook Express, IncrediMail) solved the specific problem and if it's a non
intrusive solution.

To solve the main problem in evidence, let's keep, for now,  only the latest dot
for the extension. Maybe a custom flag in Options Panel
(Tools>Options>Attachments) to enable or disable the new enhancement , could be
less intrusive for now.

Ciao
BB
(In reply to comment #0)
> 1. get a message with subject "yourdomain.com"
> 2. create a new message including previous message as attachment (drag & drop)
> 3. send the email against qmail+clamav
> 
> Actual Results:  
> The email scanner intercepted it and stopped the entire message reaching its
> destination.
> 
> The problem was reported to be:
> Disallowed double-barrelled attachment filename (yourdomain.com.eml)-
> potential virus

I can't get to these actual results because, when I drag a message to another 
message as an attachment, it gets named "Attached Message" rather than named for 
the subject (bug 209629).  Alternately, if I use Forward As Attachment, the name 
of the attachment is *only* the subject; .EML is not appended to the name (bug 
220646).  Which, in this case, would be "yourdomain.com" and so "potentially a 
virus."

I know I've seen a bug about munging attachment names for the .COM case.  I've 
also seen a bug about some virus scanner out there blocking messages with .EML 
attachments, which sounds to me like an overzealous scanner.  I can't locate 
either of those bugs right now.
Whiteboard: [sg:nse]
QA Contact: general
... and bug 380354.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 258454
You need to log in before you can comment on or make changes to this bug.