How to fix “attempt to hide real filename extension” error in cPanel MailScanner

How to fix “attempt to hide real filename extension” error in cPanel MailScanner

By default MailScanner does not allow double extensions in attachment file names, e.g. presentation.exe.pdf and I don’t want to point fingers but Microsoft Exchange has a vulnerability where files with long names that have multiple dots in the name can be executed as the first extension, for example if the file is presentation.exe.pdf – when run it will be treated as an executable even if it’s most likely a PDF file.

So when you are sending an email in cPanel with a file that has this pattern in it’s name: dot 2or3 characters/numbers dot 2or3 characters/numbers – that email is going to be hold by MailScanner:

attempt to hide real filename extension MailScanner

To solve this, MailScanner denies both these “double extensions” and files with long names, using a predefined set of rules inside the filename.rules.conf file.

The biggest misinterpretation that I’ve encouncered with cpanel users is that they think that dots are forbidden in file names for attachemnts, but that is not the case.

As mentioned above, the following pattern is denied:

not allowed in mailscanner

But the following is allowed:

allowed file name pattern for attachments

Allowed three letters are also:

  • days of the week: MON TUE WED THU FRI SAT SUN
  • months: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
another allowed file name pattern for attachments

To stop MailScanner from blocking files with this pattern and get rid of the “attempt to hide real filename extension” message, simply edit the following file: /usr/mailscanner/etc/filename.rules.conf


Scroll down to the bottom of the file, and remove the highlighted rule:


Save the file and restart MailScanner for the changes to take effect.

/etc/rc.d/init.d/mailscanner restart

Written by
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.