[Mimedefang] Erroneous bad-filename detection in mimedefang-filter

Ole Holm Nielsen Ole.H.Nielsen at fysik.dtu.dk
Sat Sep 13 06:57:01 EDT 2003


I did more experimentation on bad filename detection in
mimedefang-filter.  It turns out that the culprit seems
to be the MS-Windows extensions in filter_bad_filename().

If I *forward* an E-mail message with a Subject: line
containing any of the MS-Windows extensions as a substring,
for example "There is a test.com in this subject", then
the filename of this message/rfc822 attachment will
get caught as a "bad extension" in filter_bad_filename().

IMHO, the "bad extension" code needs to be rewritten in
filter_bad_filename() so that it'll detect only bad
extensions at the end of the filename string.  Since
I'm not familiar with Perl, I can't offer a patch (sorry).

Even then, a legitimate message may have a Subject: line
ending in one of the bad extensions, like "Message
from support at company.com", which is subsequently going to
be detected as a bad filename.  I guess that the code in
filter_multipart() may need some tweaking so that
bad extensions should be permitted for message/rfc822
attachments - but perhaps that opens up an opportunity
for clever virus writers?

Can anyone suggest changes to filter_multipart() which
will permit us to disable calls to filter_bad_filename()
for Content-Type: message/rfc822?  At the very least,
this ought to be a configurable option.

Ole Holm Nielsen
Department of Physics
Technical University of Denmark
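
The difference between a substring match and an end-anchored match on the attachment name, and the effect of an opt-in exemption for message/rfc822 parts, as an added Perl example (not part of the original post and not MIMEDefang's own code). The shortened extension list, the helper is_bad_name() and the sample names are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Shortened, constructed extension list (not MIMEDefang's own list).
my $bad_exts = '(?:bat|cmd|com|exe|pif|scr|vbs)';

# Substring match: fires wherever ".ext" appears inside the name.
my $substring_re = qr/\.${bad_exts}/i;
# Anchored match: ".ext" only at the end of the name, tolerating trailing
# dots or whitespace, which Windows drops from file names.
my $anchored_re  = qr/\.${bad_exts}[.\s]*\z/i;

# Hypothetical helper: returns 1 if the part's name should be rejected.
# $exempt_rfc822 models the configurable option asked for in the post.
sub is_bad_name {
    my ($name, $type, $re, $exempt_rfc822) = @_;
    return 0 unless defined $name && length $name;
    return 0 if $exempt_rfc822 && lc($type) eq 'message/rfc822';
    return $name =~ $re ? 1 : 0;
}

# Constructed samples: [ name, Content-Type ]. The first two are the
# Subject-derived names of forwarded messages quoted in the post.
my @parts = (
    [ 'There is a test.com in this subject', 'message/rfc822' ],
    [ 'Message from support at company.com', 'message/rfc822' ],
    [ 'report.pdf',                          'application/pdf' ],
    [ 'invoice.pdf.exe',                     'application/octet-stream' ],
    [ 'setup.EXE. ',                         'application/octet-stream' ],
);

printf "%-40s %-10s %-9s %s\n", 'name', 'substring', 'anchored', 'anchored+exempt';
for my $p (@parts) {
    my ($name, $type) = @$p;
    printf "%-40s %-10d %-9d %d\n", "'$name'",
        is_bad_name($name, $type, $substring_re, 0),
        is_bad_name($name, $type, $anchored_re,  0),
        is_bad_name($name, $type, $anchored_re,  1);
}
```

Anchoring alone clears the first forwarded message but not the second, whose name really does end in ".com"; only the content-type exemption clears both, and it applies to the name of the message/rfc822 part only, not to any attachment names inside the forwarded message.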




