[Mimedefang] Fw: Outlook will see non-existing attachments
David F. Skoll
dfs at roaringpenguin.com
Fri Feb 15 08:27:55 EST 2002
On Fri, 15 Feb 2002, Mihai Cristian Jitaru wrote:
> David, can MIMEDefang protect against this ?
That's a good question. I believe (but I'm not certain) that the MIME-tools
package has the same "feature" as Outlook, and will interpret CR as
CR-LF. Therefore, it will also see the attachment.
However, I have not tested it.
On another note: I strongly recommend that everyone update their
MIMEDefang filters to block attachments of type audio/*. There's a
Windows virus out there which attaches itself as MIME type audio/*.
It produces malformed MIME headers which allow it to get past
MIMEDefang. Now, *correctly-written* mail user agents will interpret
the malformed MIME the same way as MIMEDefang, and you will not be at
risk. However, there is a risk that some mail user agents will
misinterpret the malformed header and allow the virus to be
executable.
The virus adds headers like this:
Content-Type: audio/x-midi;
name=Page 1.exe
The unquoted name makes MIMEDefang see the attachment name as "Page" instead
of "Page 1.exe".
Add this to your filter:
sub filter {
my($entity, $fname, $ext, $type) = @_;
my($lc_type);
$lc_type = $type;
$lc_type =~ tr/A-Z/a-z/;
if ($lc_type =~ m+^audio/+) {
# I use action_bounce; you may prefer action_drop_with_warning
# or action_quarantine
return action_bounce("Attachments of type $lc_type not accepted.");
}
# .. rest of filter ..
}
Regards,
David.
More information about the MIMEDefang
mailing list