[Mimedefang] message/partial

Kevin A. McGrail kmcgrail at pccc.com
Thu Dec 2 11:28:08 EST 2004


$0.02: There *are* exploits that utilizes JPEG as the delivery method for 
virii on Windows boxes.  Plus, 99.9% certain there are known and recent 
buffer overruns with libraries for PNG, BMP and JPEG on *nix.

See: http://www.enterpriseitplanet.com/security/news/article.php/3418321

Regards,
KAM

> Rolf wrote:
>> what is the security risk with message/partial?
>>
>> Sending 7 emails each with a picture attachment doesn't seem to me to be 
>> an issue per se, so I presume that their mail client might have split it 
>> up. Any clients known to do this? Workarounds?
>
> If the email is JPEG image, as in your case, there's no harm.  However, if 
> the email contains virus, and it is sent as message/partial, it can't be 
> detected by virus scanners.  Theoreticall, each mail could contain only 
> one byte of the actuall virus code.  There's no way for virus scanners to 
> scan such an email.  Most commercial anti-virus tools will block 
> message/partial by default also.  None that I know of will attempt to 
> reassemble the email.




More information about the MIMEDefang mailing list