[Mimedefang] message/partial
Kevin A. McGrail
kmcgrail at pccc.com
Thu Dec 2 11:28:08 EST 2004
$0.02: There *are* exploits that utilizes JPEG as the delivery method for
virii on Windows boxes. Plus, 99.9% certain there are known and recent
buffer overruns with libraries for PNG, BMP and JPEG on *nix.
See: http://www.enterpriseitplanet.com/security/news/article.php/3418321
Regards,
KAM
> Rolf wrote:
>> what is the security risk with message/partial?
>>
>> Sending 7 emails each with a picture attachment doesn't seem to me to be
>> an issue per se, so I presume that their mail client might have split it
>> up. Any clients known to do this? Workarounds?
>
> If the email is JPEG image, as in your case, there's no harm. However, if
> the email contains virus, and it is sent as message/partial, it can't be
> detected by virus scanners. Theoreticall, each mail could contain only
> one byte of the actuall virus code. There's no way for virus scanners to
> scan such an email. Most commercial anti-virus tools will block
> message/partial by default also. None that I know of will attempt to
> reassemble the email.
More information about the MIMEDefang
mailing list