scVENUS / PeekabooAV

Peekaboo Extended Email Attachment Behavior Observation Owl
https://peekabooav.de
GNU General Public License v3.0

Handle URI-parameters-like notation in declared filenames #179

Closed michaelweiser closed 3 years ago

michaelweiser commented 3 years ago

After handling totally bogus filenames such as titles of forwarded emails in #165, we're now seeing attachments which have what looks like URI parameters attached to the filename:

Content-Type: image/png; name="foo.png?cache=1561614719286"

and:

Content-Type: application/octet-stream;
 name="0.11E67?OpenElement&FieldElemFormat=jpg"
Content-Disposition: inline;
 filename="0.11E7?OpenElement&FieldElemFormat=jpg"

The latter seems to be something specific to Lotus-Domino.

Even with the fix from #165 we still extract everything after the first dot as file extension and submit that as <hash>.png?cache=... to Cuckoo. Since Cuckoo again does not cope well with this, we should consider cutting off everything after a ?. More generically we could parse the filename as URI and remove parameters. Or we look into making this an other-peoples'-problem and try to handle it in AMaViS.

Again, Wikipedia does not list any extensions with ?, ; or & in the name, likely for exactly the reason that they're used as URI parameter delimiter.
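
The truncation at `?` proposed in the issue above, as an added example that is not PeekabooAV's code or part of the original report. The helper names `strip_uri_parameters` and `declared_names` are hypothetical, and the sample message is constructed from the headers quoted in the issue.

```python
import email
import os

# Constructed sample: a multipart message carrying the two header shapes
# quoted in the issue above.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: image/png; name="foo.png?cache=1561614719286"

x
--b
Content-Type: application/octet-stream;
 name="0.11E67?OpenElement&FieldElemFormat=jpg"
Content-Disposition: inline;
 filename="0.11E7?OpenElement&FieldElemFormat=jpg"

x
--b--
"""


def strip_uri_parameters(name):
    """Cut a declared filename at the first '?' (hypothetical helper)."""
    return name.partition("?")[0]


def declared_names(message_text):
    """Return (raw, cleaned, extension) for every declared attachment name."""
    results = []
    for part in email.message_from_string(message_text).walk():
        raw_names = (
            part.get_param("name"),  # name= parameter of Content-Type
            part.get_param("filename", header="content-disposition"),
        )
        for raw in raw_names:
            if raw is None:  # header or parameter not present on this part
                continue
            cleaned = strip_uri_parameters(raw)
            # splitext takes the text after the last dot; this is what a
            # sandbox would receive as the sample's file extension.
            ext = os.path.splitext(cleaned)[1]
            results.append((raw, cleaned, ext))
    return results


if __name__ == "__main__":
    for row in declared_names(SAMPLE):
        print(row)
```

For the Lotus Domino names, cutting at `?` leaves `.11E67` and `.11E7` as the extension, so the format named in `FieldElemFormat=jpg` is not recovered by truncation alone.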