[Mimedefang] Invalid "mimedefang.pl -structure" output and virus scanning behaviour
Dirk Mueller
dmuell at gmx.net
Mon Mar 1 13:11:39 EST 2004
On Monday 01 March 2004 17:46, Richard Laager wrote:
> Is there any harm in doing this? Does it take a lot of CPU?
Probably.
> Will it break digital signatures?
Yes. Some digital signatures expect unmodified mime headers.
> It sounds like a good idea, but I'm afraid
> of potential downsides.
The most important downside is that malware content will still slip through to
the user. The user might then still be able to decode the viral content and
run it.
Our problem is not so much that some malformed MIME exploits the MUA, but more
protecting the user from their own stupidity by running an attachment. See
MyDoom: it was one of the worst virus floods in the last few months, and it
worked all by itself because people who received the worm email thought that
there is something worth executing in the attachment. And it only stopped
because the worm author was nice enough to built in an expire date.
I'm afraid the unconditional rebuilding of the MIME parts will break a lot of
legitimate mail. I've tried doing that for about a day, and then got so many
complains about totally garbled legitimate mail (like newsletters) that I had
to stop doing it again.
It seems in the long run we have to get rid of MIMEDefang. Thats a shame,
since it worked so great in all other aspects.
Dirk
More information about the MIMEDefang
mailing list