[Esa-l]Sircam with application/mixed

John D. Hardin jhardin at impsec.org
Tue Jul 31 19:22:41 PDT 2001


On Tue, 31 Jul 2001, Lee Howard wrote:

> Currently I'm seeing 40-50 instances of Sircam get caught daily,
> but I am seeing some few get through.

Get through the virus scanner to the sanitizer, or get through the
combination to the end user?

> The only oddity about them that I notice is this:
> 
> X-Content-Security: [server.deanox.com] original Content-Type was
> application/mixed;
> Content-Type: application/octet-stream;
> name="eurotecnica.doc.6177DEFANGED-bat"
> Content-Disposition: attachment;  filename="eurotecnica.doc.6177DEFANGED-bat"
> 
> If I then run the same antivirus program on that attachment the
> antivirus program catches the virus just fine.  So, my assumption
> then, is that metamail is not decoding to file the MIME attachment
> because of the Content-Type being "application/mixed".

Is application/mixed even valid? I've never seen /mixed except in the
context of multipart/mixed. This could well be the problem. 

You might want to add "application/mixed" to /etc/mime.types, and make
it the same as application/octet-stream.

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
   1190 days until the Presidential Election



More information about the esd-l mailing list