[Esd-l] problems with version 1.136 (Mangle MIME type to
TEXT/PLAIN, multipart/related inline images)
Peter van Campen
Peter.vanCampen at sci.kun.nl
Tue Nov 5 07:08:01 PST 2002
John D. Hardin wrote:
> Can anybody suggest a MIME type to use here? application/octet-stream
> runs the risk of triggering OS magic filetype determination and may
> not effectively prevent execution. text/plain apparently will cause
> some mailers to do textish things to the file (EOL conversions,
> maybe? Line wrap?)
Maybe something like application/DEFANGEDoctet-stream ?
> > If the inline image is defanged, producing <DEFANGED_IMG
> > src="cid...>, the user doesn't see the reference or the
> > attachment. For a reference to an attached part, it perhaps
> > wouldn't be necessary to defang it?
> Well, I'm leery of making the filter too smart. The smarter it is, the
> more likely there will be a way to bypass it.
> Also, needing to look to the arguments of a tag pulls in all kinds of
> parsing overhead, like skipping intermediate options, multiline
> matches, etc. This increases complexity, adds to the overhead and
> gives me more opportunity to introduce a bug.
Maybe one could have something like:
WARNING: Defanged inline image <DEFANGED_IMG
which produces no screen-output in some mailclients.
Another point: it might be wise for performance-reasons to change
the /etc/procmailrc to:
# Only use the sanitizer for mails less than 5MB
Or is it stupid to think that large viruses do not spread?
More information about the esd-l