[Mimedefang] Bug in action_defang?

Sidney Markowitz sidney at sidney.com
Fri Oct 25 16:02:00 EDT 2002


I'm still running MIMEDefang version 2.21, but I did not notice this problem
addressed in the change log nor in the code that seems to be involved when I looked
at the 2.24 sources.

I have the following snippet of code in my filter_end sub to defang spam that is
identified by SpamAssassin:

  # similar to the SpamAssassin defang option. protect against evil spam
  my $head = $entity->head;
  my $mt = $head->mime_type;
  if (defined $mt && $mt ne '' && $mt !~ m{text/plain}i) {
      action_defang($entity, "", "", "text/plain");
  }

I recently had two pieces of spam display their embedded html porn images even though
they were "defanged". I don't have copies of the original message before running them
through MIMEDefang, but the result after defanging had headers that look like this
(just a contiguous subset of the actual headers):

 From: "Carolyn Sanders" <leave-ns1-867632A at mail1.freegeniegifts.com>
 MIME-Version: 1.0
 Content-Type: multipart/mixed; boundary="----------=_1035565234-1904-159"
 List-Unsubscribe: <mailto:leave-ns1-867632A at mail1.freegeniegifts.com>
 Reply-To: "sidney at sidney.com" <leave-ns1-867632A at mail1.freegeniegifts.com>
 Message-Id: <LISTMANAGER-867632-710-2002.10.25-08.14.55--sidney#sidney.com at mail1.freegeniegifts.com>
 MIME-Version: 1.0
 Content-Type: text/html; charset=us-ascii

When this was displayed in Outlook Express, it seemed to use the second Content-Type
header and treated the entire message as HTML rather than as multipart/mixed,
ignoring the MIME boundaries.

I conjecture that the original mail had two Content-Type headers and the code in
action_defang replaces only the first Content-Type header when there are two, leaving
the second one active.

Is that what is happening and is this a bug in action_defang? Am I using
action_defang incorrectly or should I do something to remove extra Content-Type
headers before calling action_defang?

 -- sidney
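
Added example, not part of the original post and not MIMEDefang code: a standalone Perl check for the condition conjectured above, a header block with more than one Content-Type, showing the value a first-wins parser and a last-wins parser would each act on. The sub names, the list of fields checked and the sample message are assumptions constructed for the example.

```perl
# Added example: report header fields that should occur once but are repeated.
use strict;
use warnings;
# Fields checked here; choosing these two is an assumption of the example.
my @SINGLETONS = ('content-type', 'mime-version');

# Split a raw header block into [name, value] pairs, joining folded lines.
sub parse_headers {
    my ($raw) = @_;
    my @fields;
    for my $line (split /\r?\n/, $raw) {
        last if $line eq '';                      # blank line ends the headers
        if ($line =~ /^[ \t]/ && @fields) {       # continuation of previous field
            $line =~ s/^[ \t]+/ /;
            $fields[-1][1] .= $line;
        } elsif ($line =~ /^([^:\s]+)[ \t]*:[ \t]*(.*)$/) {
            push @fields, [lc $1, $2];            # field names are case-insensitive
        }
    }
    return @fields;
}

# Return { field => [values in order] } for singleton fields seen more than once.
sub duplicated_singletons {
    my ($raw) = @_;
    my %seen;
    push @{ $seen{ $_->[0] } }, $_->[1] for parse_headers($raw);
    my %dups;
    for my $name (@SINGLETONS) {
        $dups{$name} = $seen{$name} if @{ $seen{$name} || [] } > 1;
    }
    return \%dups;
}

# Constructed sample modelled on the header subset quoted in the post.
my $sample = join "\n",
    'From: "Sender" <sender@example.invalid>',
    'MIME-Version: 1.0',
    'Content-Type: multipart/mixed;',
    ' boundary="----------=_constructed-boundary"',
    'MIME-Version: 1.0',
    'Content-Type: text/html; charset=us-ascii',
    '', '<html>body</html>';

my $dups = duplicated_singletons($sample);
for my $name (sort keys %$dups) {
    my @v = @{ $dups->{$name} };
    printf "%s repeated %d times\n  first wins: %s\n  last wins:  %s\n", $name, scalar @v, $v[0], $v[-1];
}
```

A message that trips this check can be rejected or quarantined, or have the surplus headers removed, before any rewriting step that assumes a single Content-Type.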



