[Mimedefang] Malformed MIME: A warning

Michael D. Sofka sofkam at rpi.edu
Thu Apr 25 15:14:37 EDT 2002


Another warning.  Applying the patch causes MIME::Tools 5.411 to
fail 5 of the tests in Ref.t.  If you use MIME::Tools for other scripts
on the same machine (as I do), this may cause problems.

Mike

At 06:58 PM 4/24/2002 -0400, David F. Skoll wrote:
>Hi,
>
>Just a warning about trying to be too clever with bad MIME.
>
>Consider this header:
>
>Content-type: application/octet-stream; name=foo bar.pif
>
>Most people would want MIMEDefang to interpret the name as "foo bar.pif"
>and filter it out.
>
>How about:
>
>Content-type: application/octet-stream; name=foo.exe blat.txt
>
>Do you want the name to be "foo.exe blat.txt"?  A correctly-written
>Windows MUA (assuming such a beast even exists) will interpret the
>name as "foo.exe", although MIMEDefang interprets it as a ".txt"
>extension.
>
>OK, so we check for two dots in filenames in MIMEDefang and disallow them.
>Then innocuous things like "report-2002.04.01.txt" get stopped.
>
>So we check for ".exe", etc anywhere in the filename.  That works,
>but again, "test.exe.txt" is innocuous, but would get stopped.
>
>The bottom line is that if your MUA misinterprets malformed MIME, then
>it's an MUA bug which is very difficult to fix with server-based
>scanners.
>
>I think the most practical solution is in fact to greedily interpret
>the name, and have a function similar to re_match_ext which looks for
>an extension anywhere in the filename (to catch the "foo.exe blat.txt"
>case).  This will be in the next release.
>
>Regards,
>
>David.
>
>_______________________________________________
>MIMEDefang mailing list
>MIMEDefang at lists.roaringpenguin.com
>http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

--
Michael Sofka                          sofkam at rpi.edu
CCT Sr. Systems Programmer  email, webmail, listproc, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY.    http://www.rpi.edu/~sofkam/
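The parsing ambiguity David describes above (an unquoted `name=` parameter containing a space) and the two filtering strategies he weighs (match the blocked extension only at the end of the name, or anywhere in it) are easy to see side by side in code. The block below is an added example written for this archive page; it is not MIMEDefang's code, it is in Python rather than MIMEDefang's Perl, and the function names (`parse_content_type`, `ext_at_end`, `ext_anywhere`, `classify`), the short `BAD_EXTS` list and the sample headers are all constructed for illustration. The parser is deliberately lenient in the way the message proposes: an unquoted value is taken greedily up to the next `;`, rather than stopping at the first space as a strict RFC 2045 parser would.

```python
import re

# Constructed sample headers (not from the original message), one per case
# discussed in the thread.
SAMPLE_HEADERS = [
    'application/octet-stream; name=foo bar.pif',
    'application/octet-stream; name=foo.exe blat.txt',
    'text/plain; name="report-2002.04.01.txt"',
    'text/plain; name=test.exe.txt',
]

# Hypothetical block list; a production filter would use a much longer one.
BAD_EXTS = ('exe', 'pif', 'scr', 'bat', 'com', 'vbs')

# One ";name=value" parameter: value is either a quoted-string (with
# backslash escapes) or, leniently, anything up to the next ';'.
_PARAM_RE = re.compile(
    r'\s*;\s*([A-Za-z0-9_-]+)\s*=\s*'
    r'(?:"((?:[^"\\]|\\.)*)"|([^;]*))'
)


def parse_content_type(value):
    """Split a Content-Type value into (media_type, params).

    Deliberately lenient: an unquoted parameter value runs greedily up to
    the next ';' or the end of the header, so "name=foo bar.pif" yields
    the whole "foo bar.pif".  A strict RFC 2045 parser would stop at the
    space and see the name as "foo".
    """
    head, sep, rest = value.partition(';')
    media_type = head.strip().lower()
    params = {}
    rest = sep + rest
    pos = 0
    while pos < len(rest):
        m = _PARAM_RE.match(rest, pos)
        if not m:
            break
        name = m.group(1).lower()
        if m.group(2) is not None:
            # quoted-string: drop the backslash from \x escapes
            val = re.sub(r'\\(.)', r'\1', m.group(2))
        else:
            val = m.group(3)
        params[name] = val.strip()
        pos = m.end()
    return media_type, params


def ext_at_end(filename, bad_exts=BAD_EXTS):
    """Flag only when the final extension is on the block list."""
    pat = r'\.(%s)$' % '|'.join(bad_exts)
    return re.search(pat, filename, re.I) is not None


def ext_anywhere(filename, bad_exts=BAD_EXTS):
    """Flag a blocked extension anywhere in the name.

    The extension must be followed by a non-filename character or the end
    of the string, so "foo.exe blat.txt" and "test.exe.txt" are caught
    (the latter is the accepted false positive from the thread) while
    "report-2002.04.01.txt" and "my.executable.txt" pass.
    """
    pat = r'\.(%s)(?=[^A-Za-z0-9]|$)' % '|'.join(bad_exts)
    return re.search(pat, filename, re.I) is not None


def classify(header):
    """Return (greedy name, end-only verdict, anywhere verdict)."""
    _, params = parse_content_type(header)
    name = params.get('name', '')
    return name, ext_at_end(name), ext_anywhere(name)


if __name__ == '__main__':
    for h in SAMPLE_HEADERS:
        name, strict, anywhere = classify(h)
        print('%-28r end-only=%-5s anywhere=%s' % (name, strict, anywhere))
```

Run as a script it prints one line per sample header. The second header is the interesting one: the end-only check passes `foo.exe blat.txt` because the greedy name ends in `.txt`, while the anywhere check flags it, which is the gap the message is pointing at. The lookahead after the extension is the one refinement beyond the message's wording; without it, `.exe` inside `my.executable.txt` would also be flagged.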