[Mimedefang] limiting nested mime multiparts
Kelsey Cummings
kgc at sonic.net
Sun Apr 4 15:58:17 EDT 2004
I need to implement a filter that will block nested multiparts beyond a
certain depth before handing off to the virus filters. Anyone using clamav
ought to be interested in this too, since a deeply nested message will make
clamd use obscene amounts of RAM. These deeply nested messages typically
are the result of the mail loop, and I'd love to be able to reject them. I
notice that gmail (I guess it wasn't an april fools joke?) is doing this.
I've reviwed the MIME:Parser module but don't see a method for finding the
depth of recursion. The existing MaxMIMEParts doesn't seem to catch this,
or it it's supposed to, it's not working for me, even with the patched
MIME:Parser module.
Any suggestions?
Given the spreading use of MD and ClamAV, this amounts to a fairly
effective DoS attack today. A few carefully crafted message sent to a
couple big list could cause a significant disturbance in the force!
--
Kelsey Cummings - kgc at sonic.net sonic.net, inc.
System Administrator 2260 Apollo Way
707.522.1000 (Voice) Santa Rosa, CA 95407
707.547.2199 (Fax) http://www.sonic.net/
Fingerprint = D5F9 667F 5D32 7347 0B79 8DB7 2B42 86B6 4E2C 3896
More information about the MIMEDefang
mailing list