[Esa-l]Sircam with application/mixed

Lee Howard faxguy at deanox.com
Tue Jul 31 19:35:18 PDT 2001


At 09:55 AM 7/31/01 -0600, Lee Howard wrote:
....
>Currently I'm seeing 40-50 instances of Sircam get caught daily, but I am
>seeing some few get through.  The only oddity about them that I notice is
>this:
>
>X-Content-Security: [server.deanox.com] original Content-Type was
>application/mixed;
>Content-Type: application/octet-stream;
>name="eurotecnica.doc.6177DEFANGED-bat"
>Content-Disposition: attachment;  filename="eurotecnica.doc.6177DEFANGED-bat"
>
>If I then run the same antivirus program on that attachment the antivirus
>program catches the virus just fine.  So, my assumption then, is that
>metamail is not decoding to file the MIME attachment because of the
>Content-Type being "application/mixed".

It turns out that on some systems, Sircam can generate MIME attachments
with invalid EOF sequences, so they were getting through due to the
decoding error.  I've worked around the problem by running metamail on the
mail as a file rather than the mail as standard input.  But... this has
nothing to do with the sanitizer.  Please excuse my noise.  However, Sircam
does indeed create a bogus MIME header.

Lee.



More information about the esd-l mailing list