[Mimedefang] Invalid "mimedefang.pl -structure" output and virus scanning behaviour
David F. Skoll
dfs at roaringpenguin.com
Mon Mar 1 13:34:01 EST 2004
On Mon, 1 Mar 2004, Dirk Mueller wrote:
> It seems in the long run we have to get rid of MIMEDefang. Thats a shame,
> since it worked so great in all other aspects.
Sorry, but comments like that make me upset. If you don't like the
way MIMEDefang parses MIME messages, then submit patches to the
maintainers of MIME::tools and Mail::Tools. And keep submitting as
the malformed-MIME-of-the-day problem is revealed.
Or better yet, make MIMEDefang unnecessary by getting rid of insecure
desktop software.
Here's an analogy: Suppose a programmer wrote a calculator program that
worked fine, except that for the specific case of "2 + 2", it responded "5".
One way to fix it would be to write a wrapper program that looks for the
key sequence "2", "+", "2", "=" and if detected, replaced the display
register with "4" instead of "5".
Another way would be to fix the code properly so it always worked.
Patching MIME::tools to "handle" malformed MIME is the first
programmer's approach. Getting rid of Outlook and Windows is the
second programmer's approach. Canonicalizing the e-mail is a sort of
compromise position.
Which do you suppose I advocate as the long-term solution? :-)
Regards,
David.
More information about the MIMEDefang
mailing list