[Esd-l] Security Warning Message as Attachment

John D. Hardin jhardin at impsec.org
Thu Oct 17 06:29:01 PDT 2002

On Wed, 16 Oct 2002, Mike McCandless wrote:

> John, I am cutting/pasting below the results of an email I sent
> myself. I use a plain text format for email.  The results below
> are not in an attachment, but show up in the body.  One of our
> users is getting these messages (Security Warning) in an
> attachment.  I am clearly not.

I'd have to see the raw message (vs. a cut-and-paste of your mailer's 
display) to comment meaningfully.

> I'm confused:  your response indicated that the Security Warning
> would be in an attachment, but I'm clearly not getting it in one.  
> Can you help me understand the different behavior?

Reviewing the code confirms my memory: that the stripped warning is
inserted as a text/plain MIME body part in place of the stripped
atachment. A quick test also confirms this.

I think your mailer is hiding the fact that it's an attachment because
the MIME type is text/plain. Export the message and look at the raw

