[Mimedefang] Erroneous bad-filename detection in mimedefang-filter
Ole Holm Nielsen
Ole.H.Nielsen at fysik.dtu.dk
Mon Sep 15 15:04:01 EDT 2003
I tried Michael's proposal for *not* filtering bad filenames
in case it's an MIME message/rfc822 attachment (a forwarded
E-mail). It works ! My messages with Subject: lines containing
bad Microsoft extensions (and Mozilla naming the attachments
according to the Subject: line) are now passing through
perfectly. Thanks a lot for your asistance !!
Can anyone conceive of possible holes opened up for viruses
in this way ? Otherwise I'd think this code ought to go into
the MimeDefang distribution example for mimedefang-filter.
Michael Sims wrote:
> Perhaps you could check the MIME type inside filter_bad_filename() by
> accessing the MIME::Entity object that is passed to it?
> Something like this:
>
> --- mimedefang-filter
> sub filter_bad_filename ($) {
>
> my($entity) = @_;
> my($bad_exts, $re);
>
> + return if (defined $entity->mime_type
> && $entity->mime_type =~ /message\/rfc822/);
> --- mimedefang-filter
Ole Holm Nielsen
Department of Physics
Technical University of Denmark
More information about the MIMEDefang
mailing list