[Esd-l] Re: procmail sanitizer and 8-bit attachments.

John D. Hardin jhardin at impsec.org
Tue Jun 24 20:58:43 PDT 2003


On Tue, 24 Jun 2003, Joe Steele wrote:

> Unfortunately, it needs to be pretty broad.  I tested the following 
> header with older and newer versions of MS Outlook/OE (note the 
> absence of quotations

The sanitizer cleans up missing quotes.

> , the addition of text before the '=?'

Oops. See below.

> , and the use of a non-"iso" char. set):
> 
>  Content-Type: application/octet-stream; 
>   name=test=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?=
> 
> The result was that Outlook interprets the header to read:
> 
>  Content-Type: application/octet-stream; 
>   name="testMovie_0074.mpeg.bat"
> 
> >  * ^Content-(Type|Disposition):.*name="=\?[^?"]+\?[BQ]\?
> > 
> > ..is as general as I'd dare get.
> 
> To deal with the missing quotes and the added text, it probably needs 
> to be (at the risk of again being too broad):
> 
>  * ^Content-(Type|Disposition):.*name=.*=\?[^?]+\?[BQ]\?

How about:

   * ^Content-(Type|Disposition):.*name *= *"?[^"=]*=\?[^?"]+\?[BQ]\?

The "? would be a plain " if the rule appeared after sanitizing, in a
non-"local rule" context.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
-----------------------------------------------------------------------
   497 days until the Presidential Election
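
Added example, not part of the original message or of the sanitizer: the three conditions discussed in the thread, run as Python regexes over constructed sample headers, together with the filename the thread reports Outlook deriving from the test header. It assumes each header is already unfolded onto one line, and the x-comment parameter is hypothetical, included only to show where the broader pattern fires and the tighter one does not.

```python
import base64
import binascii
import re

# The three conditions from the thread. Procmail matches case-insensitively
# by default, hence re.I below.
RULES = {
    "original": r'^Content-(Type|Disposition):.*name="=\?[^?"]+\?[BQ]\?',
    "steele": r'^Content-(Type|Disposition):.*name=.*=\?[^?]+\?[BQ]\?',
    "hardin": r'^Content-(Type|Disposition):.*name *= *"?[^"=]*=\?[^?"]+\?[BQ]\?',
}

# Constructed sample headers, unfolded onto one line (assumption of this example).
SAMPLES = {
    "thread": "Content-Type: application/octet-stream; "
              "name=test=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?=",
    "quoted": 'Content-Disposition: attachment; '
              'filename="=?iso-8859-1?Q?r=E9sum=E9.doc?="',
    "plain": 'Content-Type: text/plain; name="readme.txt"',
    # x-comment is hypothetical: an encoded word that is not part of the name.
    "other": 'Content-Type: text/plain; name="notes.txt"; '
             'x-comment="=?us-ascii?Q?hi?="',
}

def matches(header):
    """Return the set of rule names whose condition fires on this header."""
    return {n for n, rx in RULES.items() if re.search(rx, header, re.I)}

# Same shape as the last condition, with groups for the parts to decode.
WORD = re.compile(r'name *= *"?([^"=]*)=\?([^?"]+)\?([BQ])\?([^?]*)\?=', re.I)

def effective_name(header):
    """Name as the thread reports Outlook reading it: prefix + decoded word."""
    m = WORD.search(header)
    if not m:
        return None
    prefix, charset, enc, payload = m.groups()
    if enc.upper() == "B":
        raw = base64.b64decode(payload)
    else:
        raw = binascii.a2b_qp(payload, header=True)  # Q: "_" means space
    return prefix + raw.decode(charset, errors="replace")

if __name__ == "__main__":
    for label, hdr in SAMPLES.items():
        print(label, sorted(matches(hdr)), effective_name(hdr))
```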


