[Mimedefang] suspicious characters in headers

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Fri Aug 13 03:19:48 EDT 2010


On Thu, 12 Aug 2010, Fred Bacon wrote:

> of Allergy and Infectious Diseases.  I can't see anything which I would
> consider suspicious in the headers listed in the quarantine message.
>
> Could someone explain what constitutes "suspicious characters" and how
> this might be circumvented for these messages?  Is there any control
> over the algorithm, or is this a case where I have to turn off this
> feature completely to avoid the problem?

See "mimedefang.c" safe_append_header(). Suspicious characters are CR 
('\r'), which are not followed by LF ('\n').

You see that the function does replace those lone CRs by a single space.
Others might interpret this RFC-violating fact as LF, hence, there would
be another header that the MUAs would parse, with many implications.

You could try:

1) tell the sender that the message is malformed and point them where,
2) rebuild the messages from the gov and reject the others. I suppose
MIMEDefang uses "safe" headers then, but I never tried that myself.

I had the same problem with a CVS check-in announcement list, where the 
Subject header line had embedded CRs taken from the checkin comment, 
because the software interpreted the comment in Unix-style, but some 
clients uploaded Windows-style text.

Regards,

-- 
Steffen Kaiser
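
The behaviour described in the message above, as an added example that is not part of the original post and is not MIMEDefang's own safe_append_header() code: a lone CR is replaced by a space, and a strict and a lenient line-break count show why a parser that treats the bare CR as a line end would see an extra header. The function names and the sample header value are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Replace every CR that is not followed by LF with a single space,
 * in place. Returns the number of lone CRs that were found. */
size_t neutralize_lone_cr(char *s)
{
    size_t hits = 0;
    for (; *s != '\0'; s++) {
        if (s[0] == '\r' && s[1] != '\n') {
            *s = ' ';
            hits++;
        }
    }
    return hits;
}

/* Count line breaks the way a parser would see them.
 * lenient == 0: only the CRLF pair ends a line.
 * lenient != 0: a bare CR or a bare LF also ends a line. */
size_t count_line_breaks(const char *s, int lenient)
{
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (s[0] == '\r' && s[1] == '\n') {
            n++;
            s++;                /* step over the LF of the pair */
        } else if (lenient && (*s == '\r' || *s == '\n')) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    /* Constructed sample: one header value with a bare CR in the middle. */
    char value[] = "fix build\rX-Hidden: yes";

    printf("strict parser sees  %zu line break(s)\n", count_line_breaks(value, 0));
    printf("lenient parser sees %zu line break(s)\n", count_line_breaks(value, 1));
    printf("lone CRs replaced:  %zu\n", neutralize_lone_cr(value));
    printf("value afterwards:   \"%s\"\n", value);
    return 0;
}
```

A difference between the strict and lenient counts is the condition worth flagging or quarantining on; after the replacement both parsers agree that the value is a single header line.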
