anomy-bugs

Re: MIMEStream.pm, that does not rewrite attachments

From: Bjarni R. Einarsson (17401@xyz.molar.is)
Date: Thu 03 Oct 2002 - 16:38:01 GMT

  • Next message: Davene Wright: "repeated error message"

    On 2002-08-04, 23:31:21 (+0200), Peter Milesson wrote:
    >
    > Then I started to think about how Anomy works internally. I changed a few
    > lines, allowing only headers to be rewritten, and leaving the contents, and
    > content encoding alone, that is, never decoded or encoded. The only thing I

    This is of course your choice, and you are very welcome to modify
    the code and use it this way - that's why it's open source. But
    your modifications totally break many of Anomy's other features,
    which is why I'm not applying them or any patches like them to the
    main tree.

    Features which break include:

     - Virus scanning/disinfecting of QP encoded attachments
     - HTML defanging of QP encoded HTML parts
     - Recursive scanning within illegally QP encoded message/rfc822 parts

    This QP issue has been discussed to death on the Anomy list, and
    people keep asking for the impossible. The QP standard is
    deliberately AMBIGUOUS, focusing on the semantics of certain
    characters (newlines) instead of preserving their binary
    representation. Decoding and reencoding will ALWAYS modify the
    contents for some people.

    Most obvious attempts to fix it so it works for one person, will
    break it for someone else.

    The only real solution is to implement a new reencoder which stores
    the original, unencoded content and uses that verbatim when no
    modifications are made to that particular attachment.

    Unfortunately, this also has some major drawbacks, particularly when
    it comes to virus scanning large files - disk space and I/O
    requirements would double, which in some cases (say, an ISO image
    sent via. e-mail) can be the difference between the mail server
    falling over or not. There are some security problems which relate
    to this though, which may outweigh the performance issues... I'm
    still mulling them over.

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     17401@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send plenty of email to: 17519@xyz.molar.is



    hosted by molar.is