[Esa-l] How not to DEFANG 'clean' attachments?
John D. Hardin
jhardin at wolfenet.com
Fri Feb 16 19:16:04 PST 2001
On Fri, 16 Feb 2001, Juan Manuel Calvo wrote:
> Reading the code I see (pseudocode)
>
> run-macro-scanner;
>
> if ($score > $poison_score) {
print poisoning headers;
> print warning;
> }
>
> Only a warning is given, filename is not poisoned.
Conceptual point: filenames are mangled, messages are poisoned.
The document's filename cannot be altered because the body of the
document attachment is scanned after the MIME header containing the
filename gets written to the output stream. All we can do is append
another MIME body part containing the warning, and the MIME headers
for that contain the headers that mark the message as poisoned.
--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin at wolfenet.com pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Failure to plan ahead on someone else's part does not constitute an
emergency on my part.
- David W. Barts in a.s.r
<davidb at ce.washington.edu>
-----------------------------------------------------------------------
106 days until Mir deorbits
More information about the esd-l
mailing list