[Mimedefang] Erroneous bad-filename detection in mimedefang-filter

Michael Sims michaels at crye-leike.com
Mon Sep 15 10:13:01 EDT 2003


mimedefang-admin at lists.roaringpenguin.com wrote:
> If I *forward* an E-mail message with a Subject: line
> containing any of the MS-Windows extensions as a substring,
> for example "There is a test.com in this subject", then
> the filename of this message/rfc822 attachment will
> get caught as a "bad extension" in filter_bad_filename().

I just tested this myself by forwarding some emails from Outlook to myself
(one of which contained the string "test.com").  I think I see why this
hasn't come up very often before.  In Outlook, the message/rfc822 attachment
is unnamed.  It looks like Mozilla's mail client gives the attachment the
same name as the Subject header.  In your example:

-----
Content-Type: message/rfc822;
  name="Rejected sshd network connection from host server2.gimnet.com
(212.131.211.131)"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
  filename="Rejected sshd network connection from host
server2.gimnet.com (212.131.211.131)"
-----

In my test message:

-----
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment
-----

> IMHO, the "bad extension" code needs to be rewritten in
> filter_bad_filename() so that it'll detect only bad
> extensions at the end of the filename string.  Since
> I'm not familiar with Perl, I can't offer a patch (sorry).

This has been addressed a couple of times on the list.  See:

http://lists.roaringpenguin.com/pipermail/mimedefang/2003-March/004636.html

Perhaps you could check the MIME type inside filter_bad_filename() by
accessing the MIME::Entity object that is passed to it?
Something like this:

--- mimedefang-filter
  sub filter_bad_filename ($) {

    my($entity) = @_;
    my($bad_exts, $re);

+   return if (defined $entity->mime_type
               && $entity->mime_type =~ /message\/rfc822/);
--- mimedefang-filter

Of course, that is untested.  I would suggest trying it on a test box first
if you have one handy.  Just a thought...

___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___________________________________________




More information about the MIMEDefang mailing list