
EV uses DisplayName property instead of the FileName property?

BruGuy
Level 6
Hello,

Can anyone confirm that when PSTs are imported using EVPM, attachment names are based on the DisplayName property instead of the FileName property?

That seems to be dangerous because a DisplayName of "picture.jpg" could be used to hide an attachment with FileName "virus.exe" etc.

From Outlook XP on, the DisplayName property is apparently ignored and the FileName is always used.

Thanks,

- Alan.


From MSDN:


DisplayName Property

For the Attachment object:

Returns or sets a String representing the name, which does not need to be the actual file name, displayed below the icon representing the embedded attachment. This property corresponds to the MAPI property PR_DISPLAY_NAME. Read/write.
 

Attachment.FileName Property (Microsoft.Office.Interop.Outlook)
Returns a String (string in C#) representing the file name of the attachment. Read-only.
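The mismatch described in the post above can be audited for. This is an added example, not code from the thread or from Enterprise Vault. It assumes each attachment's PR_DISPLAY_NAME and PR_ATTACH_FILENAME values have already been exported into records; the `Attachment` type, the sample records and the extension lists are constructed for illustration.

```python
import ntpath
from dataclasses import dataclass

# Extensions treated as equivalent, so "photo.jpeg" vs "photo.jpg" is not flagged.
ALIASES = {"jpeg": "jpg", "htm": "html", "tiff": "tif"}
# Illustrative (not exhaustive) extensions that run code when opened on Windows.
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "msi", "lnk", "ps1"}


@dataclass
class Attachment:
    display_name: str  # PR_DISPLAY_NAME: the label shown for the attachment
    file_name: str     # PR_ATTACH_FILENAME: the name used when opened or saved


def extension(name: str) -> str:
    """Return the normalised final extension, or "" if there is none."""
    # Windows drops trailing dots and spaces, so "a.exe. " is still an .exe.
    base = ntpath.basename(name or "").rstrip(". ").lower()
    _, dot, ext = base.rpartition(".")
    ext = ext if dot else ""
    return ALIASES.get(ext, ext)


def classify(att: Attachment) -> str:
    """'ok' if both names agree on type, 'high' if the real one is executable."""
    shown, real = extension(att.display_name), extension(att.file_name)
    if shown == real:
        return "ok"
    return "high" if real in EXECUTABLE else "mismatch"


def audit(attachments):
    """Return (attachment, level) pairs for every attachment that is not 'ok'."""
    return [(a, level) for a in attachments if (level := classify(a)) != "ok"]


# Constructed sample records; the first is the case named in the post.
SAMPLE = [
    Attachment("picture.jpg", "virus.exe"),
    Attachment("photo.JPEG", "photo.jpg"),
    Attachment("notes.txt", "notes.pdf"),
    Attachment("setup.exe", "setup.exe"),
    Attachment("invoice.pdf", "invoice.scr. "),
]

if __name__ == "__main__":
    for att, level in audit(SAMPLE):
        print(f"{level:8} shown={att.display_name!r} real={att.file_name!r}")
```
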

 


9 REPLIES 9

MichelZ
Level 6
Partner Accredited Certified
It's not only when PSTs are imported, but rather always (tried manually archiving):

[Screenshots: EVDisplayName1.png, EVDisplayName2.png]


Could really be worth changing to PR_ATTACH_FILENAME

cloudficient - EV Migration, creators of EVComplete.

Rob_Wilcox1
Level 6
Partner
Yes the EV code uses the display name attribute.

Can you explain how this could be used to hide a malicious attachment?  After all Exchange/Outlook doesn't allow exe's in attached messages....
Working for cloudficient.com

MichelZ
Level 6
Partner Accredited Certified

Well, even if there is no security issue, wouldn't it be better anyway to be consistent with Outlook's "View" of the Attachment? (Which always shows filename, not display name)


cloudficient - EV Migration, creators of EVComplete.

Rob_Wilcox1
Level 6
Partner

Yes it would be better to be consistent.

But... there are 10,000,000 things we'd "like to fix"... if this has some security implications then I could maybe get it in the top 1,000,000 :)

Make sense?

Working for cloudficient.com

MichelZ
Level 6
Partner Accredited Certified
Dude

You should really hire a "small-issue-fixer" who only fixes bugs which require no more than 2 hours of work.

And your list would vanish from 10,000,000 to 10,000 in a year... :)


cloudficient - EV Migration, creators of EVComplete.

Rob_Wilcox1
Level 6
Partner
Out of those 10,000,000... only 2 are bugs, the others are small enhancements :)
Working for cloudficient.com

MichelZ
Level 6
Partner Accredited Certified
OK... Now I got one for Mike's *What would delight me* thread...
Include those 9,999,998 enhancement requests you have... :) :)

cloudficient - EV Migration, creators of EVComplete.

BruGuy
Level 6
Well, I think our security dept is going to be happy with this. They take the view that if it's a hole, someone will find a way to take advantage of it. Wouldn't be the first time either.

Rob_Wilcox1
Level 6
Partner
@BruGuy,

My only suggestion then would be to contact Support, raise this as a formal issue.  I'm sure it would be good to work with Support to "prove" how this could be used as a hole.  I don't think it's possible.  For reference you can mention Etrack 1849424.  Of course if it can be proved that something bad can be done using this faking mechanism, it'll be sure to get a very high priority.
Working for cloudficient.com