[Esa-l] forwarded emails slip through

Ken Thompson thompson at milestonesolutions.com
Mon Jun 12 04:29:31 PDT 2000 

Mr. Hardin:

First, let me convey a sincere thanks for all your hard work. I'm
convinced you have prevented many significant disasters.

After the recent flurry of viri and worms, I've clamped my site down,
including mangling of .xls and .doc extensions. After the whining and
complaining ceased, one user noticed that forwarded email slips through
the filter w/o mangling leaving 'double-clickable extensions'. I believe
this is because a forwarded MIME header is preceded by '- ' in the
forwarding process but the 'boundary="..."' is not similarly modified in
the forwarded headers, or these headers are not examined.  This causes
the script to skip over these headers w/o mangling the names (or
probably scanning the content).

What I see in a forwarded emails headers are:

    X-Received: 7 Jun 2000 13:23:17 GMT
    Date: Wed, 7 Jun 2000 09:23:11 -0400
    From: Ken Thompson <Ken.Thompson at satellink.net>
    To: Ken.Thompson at satellink.net
    Subject: [kate at milestonesolutions.com: test xls]

    ------- Start of forwarded message -------
    >From bin  Wed Jun  7 09:20:40 2000
    From: "Kate Thompson" <kate at milestonesolutions.com>
    To: <thompson at milestonesolutions.com>
    Cc: <thompson at satellink.net>
    Subject: test xls
    Date: Wed, 7 Jun 2000 09:30:20 -0400
    Content-Type: multipart/mixed;
    	boundary="----=_NextPart_000_0005_01BFD062.FFC47220"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200

    This is a multi-part message in MIME format.

    - ------=_NextPart_000_0005_01BFD062.FFC47220
    Content-Type: text/plain;
    	charset="iso-8859-1"
    Content-Transfer-Encoding: 7bit

In the original email the above line:

    '- ------=_NextPart_000_0005_01BFD062.FFC47220'

was:

    '------=_NextPart_000_0005_01BFD062.FFC47220'

Matching the original email header.

I apologize for not offering a solution, but I'm a Perl Hack and I'm
sure any implementation I'd provide would be lacking. I'm also unsure if
all MUA's use the '- ' sequence when modifying forwarded separators and
wasn't convinced that selecting lines ending in the boundary string was
optimal. 

Thanks again,

Ken Thompson

MileStone Solutions, Inc.                thompson at milestonesolutions.com
1169 Saint Andrews Circle              http://www.milestonesolutions.com
Dunwoody, GA  30338-3201                                    770.390.9973

More information about the esd-l mailing list