[Mimedefang] TestVirus.org

[Paul]

>The MIME continuation vulnerability exploits a bug in Outlook.
>MIMEDefang interprets the message correctly according to the MIME
>RFCs.

I just checked up on that and found you are right David. One of the reasons I'm not using Outhouse is because of all it's bugs and vulnerabilities. Unfortunately do there are many sheep who don't know better than to use it as it came with their computer.

>As I wrote before many times, I have no intention of making MIMEDefang
>"bug-for-bug" compatible with various buggy MUAs.  If you're really
>concerned about this thing, the *ONLY* sane response is to canonicalize
>every single message coming into your system by using
>action_rebuild().  This will ensure that every message handed off by
>MIMEDefang is a well-formed MIME message, and should reduce the
>likelihood of misinterpretation by buggy MUAs.

Can you say 'overhead'? ;-) But I again agree with you. I ran this on my private network and am not worried as it's a 21st centrury system with indoor plumbing so no Outhouse allowed. :-)  I can see production systems or ISP's possibly having to go this route when this particular bug in Outhouse gets exploited on a wide scale.

Paul