[Mimedefang] Need clarification on MIME headers

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Wed Oct 30 11:23:01 EST 2002


Hello,

[config, see end of mail]

Lots of virus-infected mails we get look like the following one:

# mimedefang.pl -structure <message
non-leaf: type=multipart/alternative; fname=; disp=inline
    leaf: type=text/html; fname=; disp=inline
    leaf: type=audio/x-midi; fname=border.bat; disp=inline
    leaf: type=text/plain; fname=; disp=inline

However, this might be a bug in the MIME part parser, because pine v4.44
displays the original (non-MIMEDefang'ed) mail like so:
  1   OK      ~4 lines  Text
  2           91 KB     Audio
  3 Shown      0 lines  Text
  4   OK     3.1 KB     Application

What Pine identifies as "3 Shown 0 lines  Text" is actually a MIME part
where two MIME boundary lines follow each other immediately, with no line
between them, but which is not recognized by MIMEDefang, e.g.:

--U6m35198S717Re7c1O
Content-Type: audio/x-midi;
        name=border.bat
Content-Transfer-Encoding: base64
Content-ID: <G9Bb19e8>

<<snip>>
--U6m35198S717Re7c1O
--U6m35198S717Re7c1O
Content-Type: application/octet-stream;
        name=tn_twnex567_jpg[1].jpg
Content-Transfer-Encoding: base64
Content-ID: <G9Bb19e8>

These two last MIME parts are re-written by MIMEDefang into:

--U6m35198S717Re7c1O
Content-Disposition: inline

Content-Type: application/octet-stream;
        name=tn_twnex567_jpg[1].jpg
Content-Transfer-Encoding: base64
Content-ID: <G9Bb19e8>


With the empty line after "Content-Disposition".

=======

# mimedefang.pl -features
MIMEDefang version 2.24

File::Scan                    : yes
HTML::Parser                  : yes
HTMLCleaner                   : yes
Path:CONFDIR                  : yes (/etc/mail)
Path:QUARANTINEDIR            : yes (/var/spool/MIMEDefang)
Path:SENDMAIL                 : yes (/usr/local/sbin/sendmail)
Path:SPOOLDIR                 : yes (/var/spool/MIMEDefang)
SpamAssassin                  : yes
Unix::Syslog                  : yes
Virus:FileScan                : yes
Virus:NAI                     : yes (/usr/local/uvscan/uvscan)
Virus:OpenAV                  : yes
Virus:AVP                     : no
Virus:CLAMAV                  : no
Virus:CLAMD                   : no
Virus:FPROT                   : no
Virus:FSAV                    : no
Virus:HBEDV                   : no
Virus:NVCC                    : no
Virus:RAV                     : no
Virus:SOPHIE                  : no
Virus:SOPHOS                  : no
Virus:TREND                   : no

IO::Socket                    : Version 1.26
MIME::Tools                   : Version 5.411
MIME::Words                   : Version 5.404
Digest::SHA1                  : Version 2.01
Mail::SpamAssassin            : Version 2.31
Anomy::HTMLCleaner            : Version 1.16
File::Scan                    : Version 0.37
HTML::Parser                  : Version 3.26
Unix::Syslog                  : Version 0.98
======

-- 

Steffen Kaiser
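
An added example, not part of the original post and not MIMEDefang or MIME::Tools code: a minimal line-based boundary splitter in Python that counts an empty part wherever two boundary lines are adjacent, as Pine's listing above does, so the attachment after it is still reported with its own type and name. The sample message is constructed from the structure quoted above with placeholder payloads, and the function names are hypothetical.

```python
import re
# Constructed sample: part layout from the message, payloads replaced by placeholders.
B = "U6m35198S717Re7c1O"
SAMPLE = "\n".join([
    "--" + B, "Content-Type: text/html", "", "<html></html>",
    "--" + B, "Content-Type: audio/x-midi;", "        name=border.bat",
    "Content-Transfer-Encoding: base64", "", "AAAA",
    "--" + B,                      # two boundary lines with nothing between
    "--" + B, "Content-Type: application/octet-stream;",
    "        name=tn_twnex567_jpg[1].jpg", "Content-Transfer-Encoding: base64",
    "", "BBBB", "--" + B + "--", ""])

def split_parts(body, boundary):
    """Split on '--boundary' lines; adjacent boundaries yield an empty part."""
    delim, parts, current = "--" + boundary, [], None
    for line in body.splitlines():
        s = line.rstrip()
        if s in (delim, delim + "--"):
            if current is not None:
                parts.append(current)
            if s != delim:         # closing delimiter ends the multipart
                return parts
            current = []
        elif current is not None:  # lines before the first boundary are preamble
            current.append(line)
    return parts + ([current] if current is not None else [])

def part_info(lines):
    """Return (content type, name) from a part's unfolded header block."""
    head = []
    for line in lines:
        if line == "":             # blank line ends the headers
            break
        if line[0] in " \t" and head:
            head[-1] += " " + line.strip()   # folded continuation line
        else:
            head.append(line)
    ctype, name = "text/plain", None         # MIME default when no header
    for h in head:
        m = re.match(r"content-type:\s*([^;\s]+)(.*)", h, re.I)
        if m:
            n = re.search(r'name="?([^";]+)', m.group(2), re.I)
            ctype, name = m.group(1).lower(), n.group(1).strip() if n else None
    return ctype, name

def audit(body, boundary):
    """Return ([(type, name), ...], [1-based indexes of empty parts])."""
    parts = split_parts(body, boundary)
    return [part_info(p) for p in parts], [i + 1 for i, p in enumerate(parts) if not p]
```

A non-empty second list from `audit(SAMPLE, B)` marks a message whose part count may differ between parsers, which is a reasonable condition to log or quarantine on.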