By default MailScanner does not allow double extensions in attachment file names, e.g. presentation.exe.pdf and I don’t want to point fingers but Microsoft Exchange has a vulnerability where files with long names that have multiple dots in the name can be executed as the first extension, for example if the file is presentation.exe.pdf – when run it will be treated as an executable even if it’s most likely a PDF file.
So when you are sending an email in cPanel with a file that has this pattern in it’s name: dot 2or3 characters/numbers dot 2or3 characters/numbers – that email is going to be hold by MailScanner:
To solve this, MailScanner denies both these “double extensions” and files with long names, using a predefined set of rules inside the filename.rules.conf file.
The biggest misinterpretation that I’ve encouncered with cpanel users is that they think that dots are forbidden in file names for attachemnts, but that is not the case.
As mentioned above, the following pattern is denied:
But the following is allowed:
Allowed three letters are also:
- days of the week: MON TUE WED THU FRI SAT SUN
- months: Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
To stop MailScanner from blocking files with this pattern and get rid of the “attempt to hide real filename extension” message, simply edit the following file: /usr/mailscanner/etc/filename.rules.conf
Scroll down to the bottom of the file, and remove the highlighted rule:
Save the file and restart MailScanner for the changes to take effect.