[Mimedefang] WARNING: "klez.e" made it through!
David F. Skoll
dfs at roaringpenguin.com
Tue Feb 12 13:03:47 EST 2002
Hi,
I received a klez.e virus which made it through MIMEDefang. This was
totally mystifying. Here are the MIME headers for the part that
should have been stripped:
--K152t11Z2N58
Content-Type: audio/x-midi;
name=Page 1.exe
Content-Transfer-Encoding: base64
Content-ID: <C678Kgm8y35D>
That is illegal MIME. It should be:
--K152t11Z2N58
Content-Type: audio/x-midi;
name="Page 1.exe"
Note the quotes. The MIME::tools module seems to take the name as
"Page" rather than "Page 1.exe". My mail reader also interprets MIME
strictly and thinks the attachment is called "Page". However, some Windows
mail readers may be lenient and accept the whole name, in which case
we have a problem.
Any suggestion as to how to fix this? I will write to the MIME::tools
maintainer.
Regards,
David.
Roaring Penguin Software Inc. | http://www.roaringpenguin.com
GPG fingerprint: C523 771C 3710 0F54 B2D2 4B0D C6EF 6991 34AB 95BA
GPG public key: http://www.roaringpenguin.com/dskoll-key-2002.txt ID: 34AB95BA
More information about the MIMEDefang
mailing list