[Mimedefang] Missed executable attachments with empty Content-Type

Kevin A. McGrail KMcGrail at PCCC.com
Tue Apr 28 10:06:27 EDT 2015

On 4/28/2015 9:44 AM, Tomasz Ostrowski wrote:
> My filter is depending on "re_match" function provided by MIMEdefang. 
> Also suggested-minimum-filter-for-windows-clients is using it.
> Mimedefang-filter man page says:
>> re_match returns true if any of the fields 
>> [Content-Disposition.filename,
>> Content-Type.name and Content-Description] matches the regexp without
>> regard to case.
> In my example Content-Type should match, but it doesn't because it is 
> probably deliberately broken enough to avoid detection by security 
> products. But not enough to not work in Email clients.
>> Anyway, I made a SpamAssassin rule to block these [SecureMessage.chm].
> I think this resolution is unsustainable - this technique might get 
> popular fast if this proves to foul filters. 

I took a little umbrage about your statement and wanted to rant for a 
moment about why.

1st, DFS in good faith gave a triage idea for your concern.

You however, didn't even thank her and pointed out the obvious. Namely, 
these bastards are always evolving their techniques.

2md MD is open-source and the enemy is the bastard spammers/malware 
authors.  Don't attack people trying to help, donating their time and 
giving you possible solutions.  Instead you might consider thanking 
them, providing feedback or even taking a swipe at the code and post a 


More information about the MIMEDefang mailing list