On 2002-08-04, 23:31:21 (+0200), Peter Milesson wrote:
> Then I started to think about how Anomy works internally. I changed a few
> lines, allowing only headers to be rewritten, and leaving the contents, and
> content encoding alone, that is, never decoded or encoded. The only thing I
This is of course your choice, and you are very welcome to modify
the code and use it this way - that's why it's open source. But
your modifications totally break many of Anomy's other features,
which is why I'm not applying them or any patches like them to the
Features which break include:
- Virus scanning/disinfecting of QP encoded attachments
- HTML defanging of QP encoded HTML parts
- Recursive scanning within illegally QP encoded message/rfc822 parts
This QP issue has been discussed to death on the Anomy list, and
people keep asking for the impossible. The QP standard is
deliberately AMBIGUOUS, focusing on the semantics of certain
characters (newlines) instead of preserving their binary
representation. Decoding and reencoding will ALWAYS modify the
contents for some people.
Most obvious attempts to fix it so it works for one person, will
break it for someone else.
The only real solution is to implement a new reencoder which stores
the original, unencoded content and uses that verbatim when no
modifications are made to that particular attachment.
Unfortunately, this also has some major drawbacks, particularly when
it comes to virus scanning large files - disk space and I/O
requirements would double, which in some cases (say, an ISO image
sent via. e-mail) can be the difference between the mail server
falling over or not. There are some security problems which relate
to this though, which may outweigh the performance issues... I'm
still mulling them over.
-- Bjarni R. Einarsson PGP: 02764305, B7A3AB89 firstname.lastname@example.org -><- http://bre.klaki.net/
Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send plenty of email to: email@example.com