After handling totally bogus filenames such as titles of forwarded emails in #165, we're now seeing attachments which have what looks like URI parameters attached to the filename:
The latter seems to be something specific to Lotus-Domino.
Even with the fix from #165 we still extract everything after the first dot as file extension and submit that as <hash>.png?cache=... to cuckoo. Since Cuckoo again does not cope well with this, we should consider cutting off everything atfer a ?. More generically we could parse the filename as URI and remove parameters. Or we look into making this an other-peoples'-problem and try to handle it in AMaViS.
Again, Wikipedia does not list any extensions with ?, ; or & in the name, likely for exactly the reason that they're used as URI parameter delimiter.
After handling totally bogus filenames such as titles of forwarded emails in #165, we're now seeing attachments which have what looks like URI parameters attached to the filename:
and:
The latter seems to be something specific to Lotus-Domino.
Even with the fix from #165 we still extract everything after the first dot as file extension and submit that as
<hash>.png?cache=...
to cuckoo. Since Cuckoo again does not cope well with this, we should consider cutting off everything atfer a?
. More generically we could parse the filename as URI and remove parameters. Or we look into making this an other-peoples'-problem and try to handle it in AMaViS.Again, Wikipedia does not list any extensions with
?
,;
or&
in the name, likely for exactly the reason that they're used as URI parameter delimiter.