[Esa-l] attachments being renamed.

John D. Hardin jhardin at wolfenet.com
Tue Feb 13 07:21:12 PST 2001

On Mon, 12 Feb 2001, Lee Howard wrote:

> I have a fax system which e-mails me incoming faxes as TIFF attachments.
> I updated html-trap.procmail on Saturday.  Before updating, the attachment
> names were something like:
> "FAX from +7863888659 at 2001_01_29 16_24_49.tiff"
> (agreed, a very ugly file name)  Now my faxes arrive to me as TIFF
> attachments which are *all* named:
> "default.tif"
> The fact that the name does not vary is a problem, although not a
> serious one.  But mostly my concern is if this is expected
> behavior or not.  Can someone tell me?

This probably means that your fax software is supplying a filename=""
clause to the Content-Disposition: MIME header, but omitting a name=""
clause on the Content-Type: header.

The sanitizer supplying a default name is to avoid social engineering
attacks using totally unnamed attachments - see the discussion of
HTML.dropper on bugtraq.

Ideally it should use the name from the other MIME header, but the
Content-Disposition MIME header occurs after the Content-Type
header and the sanitizer doesn't rewind.

If the fax server software is open source, you could hack it to add
the name="" clause when it generates the MIME. Otherwise contact the
vendor and request it.

Interesting that you're seeing "default.tif". The sanitizer just
inserts "default" with no extension. Maybe it's not a good defense
against social engineering if the mail client insists on adding an

 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
                                    <davidb at ce.washington.edu>
   109 days until Mir deorbits
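
The header mismatch described in the reply above, as an added example that is not part of the original post and is not the sanitizer's code: it reports attachments that carry `filename=` on Content-Disposition without `name=` on Content-Type, then applies the generator-side fix of adding the `name=` clause. The sample message, its addresses and filename, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Constructed sample: TIFF part with filename= on Content-Disposition
# but no name= on Content-Type, the case described in the reply.
SAMPLE = (
    "From: fax@example.invalid\n"
    "To: user@example.invalid\n"
    "Subject: Incoming fax\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="BOUND"\n'
    "\n"
    "--BOUND\n"
    "Content-Type: text/plain\n"
    "\n"
    "Fax attached.\n"
    "--BOUND\n"
    "Content-Type: image/tiff\n"
    'Content-Disposition: attachment; filename="fax_2001_01_29.tiff"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "SUkqAA==\n"
    "--BOUND--\n"
)

def _param(part, param, header):
    """Return a header parameter as text, or None if absent or empty."""
    value = part.get_param(param, header=header)
    return collapse_rfc2231_value(value) if value else None

def audit(msg):
    """List (content type, Content-Type name, Content-Disposition filename)
    for every non-text leaf part."""
    return [
        (p.get_content_type(),
         _param(p, "name", "content-type"),
         _param(p, "filename", "content-disposition"))
        for p in msg.walk()
        if not p.is_multipart() and p.get_content_maintype() != "text"
    ]

def add_missing_names(msg):
    """Generator-side fix: copy filename= into name= where name= is missing.
    Returns the number of parts changed."""
    changed = 0
    for p in msg.walk():
        if p.is_multipart():
            continue
        filename = _param(p, "filename", "content-disposition")
        if filename and not _param(p, "name", "content-type"):
            p.set_param("name", filename)  # adds name="..." to Content-Type
            changed += 1
    return changed
```

A part that `audit` reports with `None` in the second position and a value in the third is one that a filter deciding at the Content-Type header would see as unnamed.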
