[Esa-l] How not to DEFANG 'clean' attachments?

John D. Hardin jhardin at wolfenet.com
Fri Feb 16 19:16:04 PST 2001

On Fri, 16 Feb 2001, Juan Manuel Calvo wrote:

> Reading the code I see (pseudocode)
> run-macro-scanner;
> if ($score  > $poison_score) {

     print poisoning headers;

>    print warning;
> }
> Only a warning is given, filename is not poisoned. 

Conceptual point: filenames are mangled, messages are poisoned.

The document's filename cannot be altered because the body of the
document attachment is scanned after the MIME header containing the
filename gets written to the output stream. All we can do is append
another MIME body part containing the warning, and the MIME headers
for that contain the headers that mark the message as poisoned.

 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
                                    <davidb at ce.washington.edu>
   106 days until Mir deorbits

More information about the esd-l mailing list