[Esd-l] problems with version 1.136 (Mangle MIME type to TEXT/PLAIN, multipart/related inline images)

Peter van Campen Peter.vanCampen at sci.kun.nl
Tue Nov 5 07:08:01 PST 2002


John D. Hardin wrote:
>  Can anybody suggest a MIME type to use here? application/octet-stream
>  runs the risk of triggering OS magic filetype determination and may
>  not effectively prevent execution. text/plain apparently will cause
>  some mailers to do textish things to the file (EOL conversions,
>  maybe? Line wrap?)

Maybe something like application/DEFANGEDoctet-stream ?
>  > If the inline image is defanged, producing <DEFANGED_IMG
>  > src="cid...>, the user doesn't see the reference or the
>  > attachment. For a reference to an attached part, it perhaps
>  > wouldn't be necessary to defang it?
>  Well, I'm leery of making the filter too smart. The smarter it is, the
>  more likely there will be a way to bypass it.
>  Also, needing to look to the arguments of a tag pulls in all kinds of
>  parsing overhead, like skipping intermediate options, multiline
>  matches, etc. This increases complexity, adds to the overhead and
>  gives me more opportunity to introduce a bug.

Maybe one could have something like:
	WARNING: Defanged inline image <DEFANGED_IMG 
instead of:
which produces no screen-output in some mailclients.

Another point: it might be wise for performance-reasons to change
the /etc/procmailrc to:
	#  Only use the sanitizer for mails less than 5MB
	* <5000000
Or is it stupid to think that large viruses do not spread?


More information about the esd-l mailing list