[Esd-l] Re: procmail sanitizer and 8-bit attachments.

Joe Steele joe at madewell.com
Tue Jun 24 10:02:26 PDT 2003


On Monday, June 23, 2003 10:07 PM, John D. Hardin wrote:
> On Mon, 23 Jun 2003, Joe Steele wrote:
> >
> > * ^Content-(Type|Disposition):.*name=.*=\?.*\?
>
> Too broad. Be *very* careful with .* patterns.

Unfortunately, it needs to be pretty broad.  I tested the following 
header with older and newer versions of MS Outlook/OE (note the 
absence of quotations, the addition of text before the '=?', and the 
use of a non-"iso" char. set):

 Content-Type: application/octet-stream; 
  name=test=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?=

The result was that Outlook interprets the header to read:

 Content-Type: application/octet-stream; 
  name="testMovie_0074.mpeg.bat"

>  * ^Content-(Type|Disposition):.*name="=\?[^?"]+\?[BQ]\?
> 
> ..is as general as I'd dare get.

To deal with the missing quotes and the added text, it probably needs 
to be (at the risk of again being too broad):

 * ^Content-(Type|Disposition):.*name=.*=\?[^?]+\?[BQ]\?


--Joe
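
Added example, not part of the original post: the three conditions quoted in this thread, run against the header Joe tested plus three constructed headers, to show which condition catches the unquoted, prefixed form and which one also fires on an unrelated "=?...?" string. Assumptions: Python's re stands in for procmail's egrep-style matching (case-insensitive, folded header lines joined first), and lenient_name() is a hypothetical helper that approximates the lenient decoding the post reports, not Outlook's actual parser.

```python
import base64
import quopri
import re

# The three conditions from the thread, transcribed as Python regexes.
PATTERNS = {
    "broad":    r'^Content-(Type|Disposition):.*name=.*=\?.*\?',
    "quoted":   r'^Content-(Type|Disposition):.*name="=\?[^?"]+\?[BQ]\?',
    "proposed": r'^Content-(Type|Disposition):.*name=.*=\?[^?]+\?[BQ]\?',
}
ENCODED_WORD = re.compile(r'=\?([^?]+)\?([BbQq])\?([^?]*)\?=')

# "post" is the header tested in the post; the others are constructed samples.
SAMPLES = {
    "post": "Content-Type: application/octet-stream; \n"
            "  name=test=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?=",
    "quoted": 'Content-Type: text/plain; name="=?iso-8859-1?B?cmVwb3J0LnR4dA==?="',
    "plain": 'Content-Disposition: attachment; filename="report.pdf"',
    "noise": 'Content-Type: text/plain; name=a.txt; x-note="q=?no?"',
}

def unfold(raw):
    """Join folded continuation lines into a single header line."""
    return re.sub(r'\r?\n(?=[ \t])', '', raw)

def classify(raw):
    """Return {condition name: True/False} for one raw header."""
    line = unfold(raw)
    return {k: bool(re.search(p, line, re.I)) for k, p in PATTERNS.items()}

def _decode_word(m):
    charset, enc, payload = m.groups()
    if enc.upper() == "B":
        data = base64.b64decode(payload)
    else:
        data = quopri.decodestring(payload.encode("ascii"), header=True)
    return data.decode(charset, "replace")

def lenient_name(raw):
    """Decode encoded-words anywhere in the name value, quoted or not."""
    m = re.search(r'name="?([^";\s]+)', unfold(raw), re.I)
    return ENCODED_WORD.sub(_decode_word, m.group(1)) if m else None

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw), lenient_name(raw))
```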

