[Mimedefang] Invalid "mimedefang.pl -structure" output and virus scanning behaviour
David F. Skoll
dfs at roaringpenguin.com
Mon Mar 1 10:25:31 EST 2004
On Mon, 1 Mar 2004, Steffen Kaiser wrote:
> This makes three weaknesses in the MIME::Tools so far.
I disagree. There are an infinite number of these kinds of "weaknesses"
(a poster e-mailed me one off-list in the hopes that I'd code a workaround.)
The reason is that there are an infinite number of ways to mangle MIME, and
it's a futile effort to write hacks to work around them.
The *ONLY* safe way to handle these situations is to canonicalize every
message that passes through your mail server by calling "action_rebuild()"
in filter_end.
Please note that I will not accept suggestions or patches to make MIMEDefang
parse broken MIME, for two reasons:
1) The upstream maintainers of MIME::tools and Mail::Tools will likely not
accept the patches.
2) Fixing one of the infinite "weaknesses" will leave infinity minus one
left to be fixed.
Bottom line: If you are worried about this, you *must* canonicalize
e-mail. It's the only secure solution.
Regards,
David.
More information about the MIMEDefang
mailing list