[Esd-l] Weird behavior on some attachments

John D. Hardin jhardin at impsec.org
Thu Dec 20 20:10:01 PST 2001

On Thu, 20 Dec 2001, Mark Wendt wrote:

> I send the same attachment through Outhouse 2002, mail goes to the
> server, I pop the server, get the email back, and find that the
> attachment has been seen as a UUE attachment, and it mangles the
> extension.

...UUE? A mailer written in 2001 is generating UUE attachments?

> This time, the attachment is seen as a MIME attachment, and the
> attachment is supposedly stripped, at least I don't see the
> attachment as an attachment, but guess what?  The whole damned
> attachment is now 99.999% of the body of the email in all it's
> glorious MIME gobbledy gook.

That sounds like it's been poisoned, not stripped, and no quarantine
is defined. See the page that describes mangling and unmangling for
more details.

Are you sure you're specifying to strip that extension and not poison

Do you have a quarantine for poisoned messages defined?

> 	Oh great Sanitizer Gods, how can I make the Sanitizer behave
> (I know I can't make the Microshite products behave.....) the same
> for the M$ products as they do for most normal email clients.  I
> just want to strip the attachment completely off, leaving the body
> of the email intact.

Configuration questions:

1) what's in your /etc/procmailrc file?

2) what's in your policy files (stripping and poisoning)?

Debugging task:

Set up an account that bypasses the sanitizer completely, mail a test
message that you want stripped to that account from LookOut 2000 and
LookOut 2002, and then gzip the mailbox and send it to me. I'll test
and see what happens here.

