[Esd-l] Re: procmail sanitizer and 8-bit attachments.

John D. Hardin jhardin at impsec.org
Tue Jun 24 20:58:43 PDT 2003

On Tue, 24 Jun 2003, Joe Steele wrote:

> Unfortunately, it needs to be pretty broad.  I tested the following 
> header with older and newer versions of MS Outlook/OE (note the 
> absence of quotations

The sanitizer cleans up missing quotes.

> , the addition of text before the '=?'

Oops. See below.

> , and the use of a non-"iso" char. set):
>
>  Content-Type: application/octet-stream; 
>   name=test=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?=
>
> The result was that Outlook interprets the header to read:
>
>  Content-Type: application/octet-stream; 
>   name="testMovie_0074.mpeg.bat"
>
> >  * ^Content-(Type|Disposition):.*name="=\?[^?"]+\?[BQ]\?
> > 
> > ..is as general as I'd dare get.
>
> To deal with the missing quotes and the added text, it probably needs 
> to be (at the risk of again being too broad):
>
>  * ^Content-(Type|Disposition):.*name=.*=\?[^?]+\?[BQ]\?

How about:

   * ^Content-(Type|Disposition):.*name *= *"?[^"=]*=\?[^?"]+\?[BQ]\?

The "? would be a plain " if the rule appeared after sanitizing, in a
non-"local rule" context.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
   497 days until the Presidential Election
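
The three conditions discussed in this thread, compared on sample headers. This is an added example, not part of the original message and not sanitizer code: Python's `re` with `re.I` stands in for procmail's matching, folded headers are assumed to be unfolded before matching, and every header except the one quoted in the message is constructed.

```python
import base64, quopri, re

# The thread's three conditions; re.I mirrors procmail's default case-insensitivity.
RULES = {
    "quoted_only": r'^Content-(Type|Disposition):.*name="=\?[^?"]+\?[BQ]\?',
    "broad":       r'^Content-(Type|Disposition):.*name=.*=\?[^?]+\?[BQ]\?',
    "proposed":    r'^Content-(Type|Disposition):.*name *= *"?[^"=]*=\?[^?"]+\?[BQ]\?',
}
ENCODED_WORD = re.compile(r'=\?([^?]+)\?([BQ])\?([^?]*)\?=', re.I)

def unfold(header):
    """Join folded continuation lines (assumption: matching sees one line)."""
    return re.sub(r'\r?\n[ \t]+', ' ', header)

def matches(header):
    """Return {rule name: bool} for one header field."""
    line = unfold(header)
    return {n: bool(re.search(p, line, re.I)) for n, p in RULES.items()}

def decode_words(value):
    """Decode every encoded-word in place, including ones glued to other text,
    which is how the message says Outlook read the sample."""
    def repl(m):
        charset, enc, text = m.group(1), m.group(2).upper(), m.group(3)
        if enc == "B":
            raw = base64.b64decode(text)
        else:
            raw = quopri.decodestring(text.encode("ascii"), header=True)
        return raw.decode(charset, "replace")
    return ENCODED_WORD.sub(repl, value)

# Header quoted in the message (folded as posted).
SAMPLE = ("Content-Type: application/octet-stream; \n"
          "  name=test=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?=")
# Constructed: quoted encoded-word with nothing in front of it.
QUOTED = ('Content-Type: application/octet-stream; '
          'name="=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?="')
# Constructed: harmless name; the encoded-word sits in a different parameter.
BENIGN = ('Content-Type: text/plain; name="notes.txt"; '
          'x-label="=?iso-8859-1?Q?caf=E9?="')

if __name__ == "__main__":
    for label, hdr in (("sample", SAMPLE), ("quoted", QUOTED), ("benign", BENIGN)):
        print(label, matches(hdr), decode_words(unfold(hdr)))
```

The constructed BENIGN header is the case that separates the last two conditions: the broad one fires on an encoded-word in an unrelated parameter, while the `[^"=]*` in the proposed one keeps the match inside the name value.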
