[Esa-l] attachments being renamed.

Lee Howard faxguy at deanox.com
Tue Feb 13 11:26:32 PST 2001 

At 07:21 AM 2/13/01 -0800, John D. Hardin wrote:
>On Mon, 12 Feb 2001, Lee Howard wrote:
>
>> I have a fax system which e-mails me incoming faxes as TIFF attachments.
>> 
>> I updated html-trap.procmail on Saturday.  Before updating, the attachment
>> names were something like:
>> 
>> "FAX from +7863888659 at 2001_01_29 16_24_49.tiff"
>> 
>> (agreed, a very ugly file name)  Now my faxes arrive to me as TIFF
>> attachments which are *all* named:
>> 
>> "default.tif"
>> 
>> The fact that the name does not vary is a problem, although not a
>> serious one.  But mostly my concern is if this is expected
>> behavior or not.  Can someone tell me?
>
>This probably means that your fax software is supplying a filename=""
>clause to the Content-Disposition: MIME header, but omitting a name=""
>clause on the Content-Type: header.

It's a perl script that does the work, but there is no Content-Disposition
header.  Here are the essentials from it:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
From: HylaFAX Server < $fromaddr >
To: $toaddr
Subject: FAX from $info{sender} at $info{received}
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary=\"$boundary\"
Content-Transfer-Encoding: 7bit

This is a multi-part message in MIME format.

--$boundary
Content-Type: text/plain; charset=us-ascii
Content-Description: FAX information
Content-Transfer-Encoding: 7bit

--$boundary
Content-Type: image/tiff
Content-Description: FAX from $info{sender} at $info{received}
Content-Transfer-Encoding: base64

--$boundary--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Do I change the Content-Type line to read?:

Content-Type: image/tiff; name="FAX from $info{sender} at $info{received}"

>Interesting that you're seeing "default.tif". The sanitizer just
>inserts "default" with no extension. Maybe it's not a good defense
>against social engineering if the mail client insists on adding an
>extension...

Hrmmm... I'm using that darn Outlook Express in this particular case.  Does
that mean that if the Content-Type line had been something like
application/vbs that it would have "gotten around" the sanitizer?

Thanks for a wonderful utility.

Lee.

More information about the esd-l mailing list