anomy-bugs

Content-Transfer-Encoding: Quoted-Printable

From: Gary Tunstall (31554@xyz.molar.is)
Date: Fri 13 May 2005 - 11:03:05 GMT

  • Next message: Michal Weinfurtner: "Bug in EncodeHeader sub routine."

    Hi,

    We are using Anomy sanitizer v1.69 with F-prot to scan incoming mail for
    virus's
    On the whole this is working well
    However sometimes messages are coming through 'blank' by the time outlook /
    exchange has played with them.
    It has take a little time to track down but I have found the cause (or least
    the step where it is occurring) is when the messages are being scanned.

    This happens on messages which are multipart messages but are marked as
    Quoted-Printable in the header.
    As far as I can tell this isn't correct however there are several sources
    that send mail like this and it would be nice if I could receive them.

    The problem is Anomy sanitizer (or F-prot although I don't think its this)
    is deciding to try and 'correct' the message.
    So:

    Content-Transfer-Encoding: Quoted-Printable
    MIME-Version: 1.0
    X-Mailer: JMail 4.1.0 Free Version by Dimac
    Content-Type: multipart/mixed;
            boundary="--NEXT_BM_7506A5A9E715416B8828A2472A03DFAB"

    This is a multipart message in MIME format.
    ----NEXT_BM_7506A5A9E715416B8828A2472A03DFAB
    Content-Type: text/plain;
            charset="iso-8859-1"
    Content-Transfer-Encoding: Quoted-Printable

    ***This is an automated email=2E Please do not reply***

    Becomes:

    Content-Transfer-Encoding: Quoted-Printable
    MIME-Version: 1.0
    X-Mailer: JMail 4.1.0 Free Version by Dimac
    Content-Type: multipart/mixed;
            boundary="--NEXT_BM_7506A5A9E715416B8828A2472A03DFAB"
    X-Antivirus: Scanned by F-Prot Antivirus (http://www.f-prot.com)

    This is a multipart message in MIME format.
    ----NEXT_BM_7506A5A9E715416B8828A2472A03DFAB=0A=
    Content-Type: text/plain;=0A
    charset=3D"iso-8859-1"=0AContent-Transfer-Enco=
    ding: Quoted-Printable=0A=0A=
    ***This is an automated email. Please do not reply***

    Note this is snipped the full example is attached,
    Well it would be attached but I am unsure on the lists policy on attachments
    so its at:
    http://www.garytunstall.co.uk/mail.tar.gz
    Its only ~24k in size

    The file 09042005.101703.1.2405.bf.tmp is the original file after the server
    accepted it
    The file 09042005.101703.1.2405.df.tmp was produced by doing
    /usr/local/f-prot/tools/scan-mail.pl < 09042005.101703.1.2405.bf.tmp >
    09042005.101703.1.2405.df.tmp

    This message seems to have been generated by
    X-Mailer: JMail 4.1.0 Free Version by Dimac
    Another message that had the same problem was sent by
    X-mailer: AspQMail 2.0 4.11 (QSM235FCCF)

    Something has added =0A= and played around with the other line of the
    multipart boundary.
    Although as I say I am not convinced the original message should have the QP
    type in the primary header I also can't see why the scanner should try and
    'correct' the message.
    The problem is after it has been doctored Exchange and Outlook (possibly
    other I haven't checked) don't interpret the message as QP and so can't find
    the multipart boundary and just display a blank message.

    Is this a problem that could be looked at and pottentially worked around in
    sanitizer?

    Regards
    Gary



    hosted by molar.is