[Mimedefang] Exporting an eml file from MIMEDefang

David F. Skoll dfs at roaringpenguin.com
Thu Oct 14 06:39:38 EDT 2010


Nigel Allen wrote:

> The required file name format is:

> "Mail_"

> StrataNumber

> "_11-Email_"

> Email Subject (max 64 characters)

> ".eml"

You want to be careful.  What if I make the email subject:

Subject: ../../../../Hello_World

You need to sanitize the Subject to remove potentially-dangerous characters.
Dumping files into /tmp and giving an attacker substantial control over
the filename is a recipe for trouble.

I'll leave it to others to help you out with your Perl. :)

Regards,

David.
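The sanitization described above, as an added Perl example that is not part of the original post and not MIMEDefang's own code. The function names, the allow-listed character set, the numeric-only StrataNumber and the export directory path are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Assumption: a dedicated directory writable only by the filter user
# (placeholder path), rather than a shared location such as /tmp.
my $EXPORT_DIR = '/var/spool/eml-export';

# Build "Mail_<StrataNumber>_11-Email_<Subject>.eml" from untrusted input.
sub eml_filename {
    my ($strata, $subject) = @_;

    # Assumption: StrataNumber is purely numeric; reject anything else.
    return undef unless defined $strata && $strata =~ /\A([0-9]{1,10})\z/;
    $strata = $1;

    $subject = '' unless defined $subject;
    # Allow-list: every character outside [A-Za-z0-9_-] becomes "_".
    # That covers "/", "\", ".", NUL, newlines and shell metacharacters.
    $subject =~ s/[^A-Za-z0-9_-]/_/g;
    $subject =~ s/_{2,}/_/g;             # collapse runs of "_"
    $subject = substr($subject, 0, 64);  # 64-character limit from the spec
    $subject =~ s/\A_+|_+\z//g;          # trim leading/trailing "_"
    $subject = 'no_subject' if $subject eq '';

    return "Mail_${strata}_11-Email_${subject}.eml";
}

# Create the file with O_EXCL so an existing file or a pre-planted
# symlink at that name makes the open fail instead of being written to.
sub open_export {
    my ($name) = @_;
    sysopen(my $fh, "$EXPORT_DIR/$name", O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return undef;
    return $fh;
}

# Constructed sample subjects, including the one from the message above.
for my $s ('../../../../Hello_World', "Invoice\0.eml/../x", 'Re: AGM minutes', '') {
    print eml_filename('1234', $s) // 'REJECTED', "\n";
}
# A non-numeric StrataNumber is refused outright.
print eml_filename('12/../34', 'x') // 'REJECTED', "\n";
```

Because the name is built from an allow-list, two different subjects can map to the same file name; `open_export` then fails on the second one instead of overwriting the first, and the caller has to decide how to handle that.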


