[Mimedefang] Need clarification on MIME headers
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Wed Oct 30 11:23:01 EST 2002
Hello,
[config, see end of mail]
Lots of virus-infected mails we get look like the following one:
# mimedefang.pl -structure <message
non-leaf: type=multipart/alternative; fname=; disp=inline
leaf: type=text/html; fname=; disp=inline
leaf: type=audio/x-midi; fname=border.bat; disp=inline
leaf: type=text/plain; fname=; disp=inline
However, this might be a bug in the MIME part parser, because pine v4.44
displays the original (non-MIMEDefang'ed) mail like so:
1 OK ~4 lines Text
2 91 KB Audio
3 Shown 0 lines Text
4 OK 3.1 KB Application
What Pine identifies as "3 Shown 0 lines Text" is actually a MIME part
where two MIME boundary lines follow each other immediately, with no line
between them, but which is not recognized by MIMEDefang, e.g.:
--U6m35198S717Re7c1O
Content-Type: audio/x-midi;
name=border.bat
Content-Transfer-Encoding: base64
Content-ID: <G9Bb19e8>
<<snip>>
--U6m35198S717Re7c1O
--U6m35198S717Re7c1O
Content-Type: application/octet-stream;
name=tn_twnex567_jpg[1].jpg
Content-Transfer-Encoding: base64
Content-ID: <G9Bb19e8>
These two last MIME parts are re-written by MIMEDefang into:
--U6m35198S717Re7c1O
Content-Disposition: inline

Content-Type: application/octet-stream;
name=tn_twnex567_jpg[1].jpg
Content-Transfer-Encoding: base64
Content-ID: <G9Bb19e8>
With the empty line after "Content-Disposition".
=======
# mimedefang.pl -features
MIMEDefang version 2.24
File::Scan : yes
HTML::Parser : yes
HTMLCleaner : yes
Path:CONFDIR : yes (/etc/mail)
Path:QUARANTINEDIR : yes (/var/spool/MIMEDefang)
Path:SENDMAIL : yes (/usr/local/sbin/sendmail)
Path:SPOOLDIR : yes (/var/spool/MIMEDefang)
SpamAssassin : yes
Unix::Syslog : yes
Virus:FileScan : yes
Virus:NAI : yes (/usr/local/uvscan/uvscan)
Virus:OpenAV : yes
Virus:AVP : no
Virus:CLAMAV : no
Virus:CLAMD : no
Virus:FPROT : no
Virus:FSAV : no
Virus:HBEDV : no
Virus:NVCC : no
Virus:RAV : no
Virus:SOPHIE : no
Virus:SOPHOS : no
Virus:TREND : no
IO::Socket : Version 1.26
MIME::Tools : Version 5.411
MIME::Words : Version 5.404
Digest::SHA1 : Version 2.01
Mail::SpamAssassin : Version 2.31
Anomy::HTMLCleaner : Version 1.16
File::Scan : Version 0.37
HTML::Parser : Version 3.26
Unix::Syslog : Version 0.98
======
--
Steffen Kaiser
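
Added example (not part of the original post, and not MIMEDefang or MIME::Tools code): a strict RFC 2046 boundary splitter in Python that lists every part, including one formed by two adjacent boundary lines, so the result can be compared with the filter's structure listing. The function names and the sample payloads are constructed for illustration.

```python
import re

def split_parts(body, boundary):
    """Split a multipart body at its delimiter lines (RFC 2046, 5.1.1)."""
    delim, parts, current = "--" + boundary, [], None
    for line in body.splitlines():
        mark = line.rstrip(" \t")          # whitespace after a delimiter is allowed
        if mark in (delim, delim + "--"):
            if current is not None:
                parts.append(current)      # [] when two delimiters are adjacent
            if mark == delim + "--":       # closing delimiter ends the multipart
                return parts
            current = []
        elif current is not None:          # lines before the first delimiter are preamble
            current.append(line)
    if current is not None:                # no closing delimiter: keep the last part
        parts.append(current)
    return parts

def part_summary(body, boundary):
    """Return (content_type, is_empty) for every part, empty ones included."""
    summary = []
    for lines in split_parts(body, boundary):
        header_lines = lines[:lines.index("")] if "" in lines else lines
        headers = re.sub(r"\n[ \t]+", " ", "\n".join(header_lines))  # unfold
        m = re.search(r"^content-type:\s*([^;\s]+)", headers, re.I | re.M)
        # RFC 2046: a part without a Content-Type header is text/plain
        ctype = m.group(1).lower() if m else "text/plain"
        summary.append((ctype, not any(l.strip() for l in lines)))
    return summary

def empty_part_numbers(body, boundary):
    """1-based numbers of parts that contain nothing at all."""
    return [n for n, (_, empty) in enumerate(part_summary(body, boundary), 1) if empty]

# Constructed sample modelled on the excerpt above; payloads are placeholders.
BOUNDARY = "U6m35198S717Re7c1O"
SAMPLE = "\n".join([
    "--" + BOUNDARY, "Content-Type: text/html", "", "<p>placeholder</p>",
    "--" + BOUNDARY, "Content-Type: audio/x-midi;", "\tname=border.bat",
    "Content-Transfer-Encoding: base64", "", "AAAA",
    "--" + BOUNDARY,
    "--" + BOUNDARY, "Content-Type: application/octet-stream;",
    "\tname=tn_twnex567_jpg[1].jpg", "Content-Transfer-Encoding: base64", "", "AAAA",
    "--" + BOUNDARY + "--", ""])

if __name__ == "__main__":
    print(part_summary(SAMPLE, BOUNDARY), empty_part_numbers(SAMPLE, BOUNDARY))
```

A non-empty result from `empty_part_numbers` marks a message whose part count may differ between parsers, which is a reasonable trigger for quarantine or closer inspection.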