[Mimedefang] Invalid "mimedefang.pl -structure" output andvirus scanning behaviour
Lucas Albers
albersl at cs.montana.edu
Mon Mar 1 18:02:31 EST 2004
David F. Skoll said:
> On Mon, 1 Mar 2004, Les Mikesell wrote:
>
>> Since the typical reason for running MimeDefang is to protect the
>> MUA's, the safe approach would seem to be to always split with
>> your best-guess about the malformed MIME, then reassemble the
>> parts with correct MIME headers for the way you guessed.
>
> Which is exactly what I recommended. action_rebuild() does this.
> However, it does break certain MIME messages produced by marginal
> software, and it does user more CPU time and disk I/O, which is a concern
> on a busy server.
>
To make sure I inderstand this completelly
Doing an action_rebuild will only change mime messages that are invalid?
It will break some mime messages for some clients?
How often does this breakage occur?
The mydoom virus used invalid mime that would be been fixed if it
action_rebuild had been done on it?
Blocking harmful attachment types would have protected from this virus
irrespective of whether you were rebuilding mime types?
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
More information about the MIMEDefang
mailing list