On 2000-12-20, 15:14:46 (-0600), Michael Kellen wrote:
> Fire up outlook. Turn off signatures. Select plain text email.
> Create a new message -- never type anything in the body of the
> message. Attach a Word document (using "Insert->File"). Send the
> email through the sanitizer.
Thanks for the report. Any chance you could send me a sample (like
last time, to email@example.com)?
I've been working on the boundary-bug you reported last week, and have
made quite a bit of progress. Hopefully I'll be able to release a
fixed version around christmas. As I said, it *is* more complicated
than your fix implied. But I've almost got it licked... :-)
> I have tracked this down to the attempt in Anomy::MIMEStream::DecodeBase64
> to preserve the line length. Logs of an attempt like the above revealed
Cool, that'll speed up my debugging.
> My question is: Does this code serve a useful purpose (fix a bug) or is
> it there to try and preserve the original message in as
> untouched a state as possible?
Both! Preserving the original message serves the purpose of letting
us scan e.g. PGP signed stuff, without breaking the signature *unless*
the contents need to be modified for security reasons. If I can get
the recoder to work right, then I can do this without resorting to
expensive solutions such as storing the original message in a
temporary file or whatever, which would seriously impact performance
on a high-volume server.
> I realize this can probably be traced back further, but you're the one
> looking to get paid for that ... ;-)
Still looking, but things are always looking better on that front.
-- Bjarni R. Einarsson PGP: 02764305, B7A3AB89 firstname.lastname@example.org -><- http://bre.klaki.net/
Check out my open-source email sanitizer: http://mailtools.anomy.net/
-- This mailing list's home page is: http://mailtools.anomy.net/archives/anomy-bugs/ There you can find subscription instructions and possibly an archive. Molar.is is a free Icelandic mailing list service.