[Mimedefang] Bare returns in message body
tometzky at batory.org.pl
Thu Nov 10 13:15:51 EST 2005
On Wed, 09 Nov 2005, Jan Pieter Cornet wrote:
> However, you're ALSO removing lone CRs in the process, CR characters
> that a MUA will see, and might react upon (it might even trigger
> a bug in the MUA... a bug which is scanned for in some virus scanner,
> but that fails to detect it because the CR characters aren't there.
> This is speculation, however).
I remember a post to bugtraq that dealt with this as a security
problem - I cannot google it though right now. There is a client
software that treated bare <cr> and bare <lf> like <crlf> but an
antivirus gateway did not and hasn't found an included virus.

In that post there were 2 possible solutions:

1. reject bare <cr> and bare <lf> on the wire - not acceptable
   because of crappy SMTP software;
2. modify a message at gateway converting all bare <cr>'s and bare
   <lf>'s to <crlf>, so we're sure that every software will treat this
   in the same way - this violates RFC (modifies a message at gateway)
   but it's not a problem with a message that already violates RFC.

It would be nice for mimedefang to follow this second approach -
every message violating <crlf> should be converted before checking
attachment names, using virus scanners or spamassassin and should be
returned to sendmail also converted.
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
Winnie the Pooh
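
The second approach described in the message above, as an added example in Python (not MIMEDefang code and not part of the original post): it locates bare CR and bare LF, rewrites them to CRLF, and shows that a CRLF-only parser and a lenient parser only agree on line boundaries after normalization. All function names are hypothetical, the two splitters are assumed stand-ins for the gateway and the client, and the sample message is constructed.

```python
import re

# Bare CR (not followed by LF) or bare LF (not preceded by CR).
_BARE = re.compile(rb"\r(?!\n)|(?<!\r)\n")


def find_bare_line_endings(raw: bytes) -> list[tuple[int, str]]:
    """Return (offset, kind) for every bare CR or bare LF in the message."""
    return [(m.start(), "CR" if m.group() == b"\r" else "LF")
            for m in _BARE.finditer(raw)]


def normalize_crlf(raw: bytes) -> bytes:
    """Convert each bare CR and bare LF to CRLF; existing CRLF pairs are kept."""
    return _BARE.sub(b"\r\n", raw)


def lines_strict(raw: bytes) -> list[bytes]:
    """Line view of a parser that honours only CRLF (assumed gateway scanner)."""
    return raw.split(b"\r\n")


def lines_lenient(raw: bytes) -> list[bytes]:
    """Line view of a parser that treats CR, LF and CRLF alike (assumed client)."""
    return re.split(rb"\r\n|\r|\n", raw)


def views_agree(raw: bytes) -> bool:
    """True when both parsers see the same line boundaries."""
    return lines_strict(raw) == lines_lenient(raw)


# Constructed sample: one bare CR and one bare LF inside the body.
SAMPLE = b"Subject: test\r\n\r\nfirst\rsecond\nthird\r\n"

if __name__ == "__main__":
    print("bare line endings:", find_bare_line_endings(SAMPLE))
    print("views agree before:", views_agree(SAMPLE))
    fixed = normalize_crlf(SAMPLE)
    print("views agree after: ", views_agree(fixed))
```

Running the normalization before any scanner sees the message, and handing the normalized bytes back to the MTA, is what keeps every later consumer on the same line boundaries.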