[Mimedefang] spurious "suspicious characters in body" warnings?

James Ralston qralston+ml.mimedefang at andrew.cmu.edu
Thu Apr 3 19:55:01 EST 2003


I configured MIMEDefang to quarantine messages with suspicious
characters in either the headers or the body.

From reading mimedefang.c, a suspicious character is either of the
following:

    1.  A NULL (ASCII 0x00) character.
    2.  A CR character not immediately followed by a NL character.

In the 24 hours that I've been running the system live, MIMEDefang has
quarantined 45 messages for having suspicious characters in their
bodies.  The problem is, for all of the quarantine directories I've
examined so far, I've been unable to find any evidence that the
messages actually had suspicious characters.  :/

For example:

    $ cd qdir-2003-04-02-20.31.46-001
    $ cat MSG.*
    suspicious chars in body
    $ od -a ENTIRE_MESSAGE | grep -E 'cr|nul' || echo "none found"
    none found
    $ 

The only other thing I can think of is that MIMEDefang "cleaned up"
the quarantined file, and I'm not actually looking at the raw data
that was received over the network.  But I don't see anything in
mimedefang.c that would lead me to believe that is what's happening.

Suggestions?  Thoughts?

Regards,

-- 
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
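
The two conditions listed in the post, written as a stand-alone scanner that reports the byte offset of the first hit in a file such as ENTIRE_MESSAGE. This is an added example, not part of the original post and not code from mimedefang.c. All names (scan_state, scan_feed, scan_finish, scan_two) are hypothetical, and keeping the CR state across buffers, so that a CR NL pair split between two reads is not reported, is this example's own design choice.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical scanner state (names are this example's, not mimedefang.c's). */
typedef struct {
    int  pending_cr;  /* last byte seen was CR; the next byte decides */
    long offset;      /* bytes consumed so far across all buffers */
    long first_bad;   /* offset of first suspicious byte, -1 if none */
} scan_state;

void scan_init(scan_state *s) { s->pending_cr = 0; s->offset = 0; s->first_bad = -1; }
static void mark(scan_state *s, long off) { if (s->first_bad < 0) s->first_bad = off; }

/* Feed one buffer; may be called repeatedly as data arrives in pieces. */
void scan_feed(scan_state *s, const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++, s->offset++) {
        if (s->pending_cr && buf[i] != '\n')
            mark(s, s->offset - 1);          /* CR not followed by NL */
        s->pending_cr = (buf[i] == '\r');
        if (buf[i] == '\0')
            mark(s, s->offset);              /* NUL byte */
    }
}

/* Call at end of input: a trailing CR has no NL after it. */
long scan_finish(scan_state *s) {
    if (s->pending_cr) mark(s, s->offset - 1);
    return s->first_bad;
}

/* Scan two consecutive buffers as one stream (used with constructed samples). */
long scan_two(const char *a, size_t alen, const char *b, size_t blen) {
    scan_state s; scan_init(&s);
    scan_feed(&s, (const unsigned char *)a, alen);
    scan_feed(&s, (const unsigned char *)b, blen);
    return scan_finish(&s);
}

/* Usage: ./scan ENTIRE_MESSAGE   (reads stdin when no file is given) */
int main(int argc, char **argv) {
    unsigned char buf[4096]; size_t n; scan_state s;
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : stdin;
    if (!f) { perror(argv[1]); return 2; }
    scan_init(&s);
    while ((n = fread(buf, 1, sizeof buf, f)) > 0) scan_feed(&s, buf, n);
    long bad = scan_finish(&s);
    if (bad < 0) puts("none found"); else printf("suspicious byte at offset %ld\n", bad);
    return bad >= 0;
}
```

A reported offset can be inspected directly with od -A d -c -j OFFSET -N 16 on the same file.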