I'm probably telling you stuff you already know but...
>Either way, my first impression is that it should definately go
>into MIMEStream.pm, in some similar way as Base64, Quoted-Printable
>and UUencode are handled. But, according to:
>the binhex attachments contains more than just plain data - they
>also contain metadata (filenames etc.) which it isn't quite clear
>what the Sanitizer should do with: ignore it or sanitize it?
The main point of binhex is that it allows one to encode Mac files.
Mac files require special encoding because MacOS uses a two-forked
file system. That is, every file can have two forks, a data fork
(this is the plain file part to the rest of the world) and a
resource-fork (your metadata). As an example, a GIF file might have
a data fork that is just a plain old GIF, and a resource fork that
contains the ID of the program that owns it, a custom icon, a preview
image, the URL from which it was downloaded, etc. In the case of a
GIF, uploading it to, say, a unix machine without encoding will strip
off the resource fork. That is usually just fine for GIFs, and other
files of common formats. However, executable code, and other fun
stuff that makes applications useful on a Mac is kept in the resource
fork. Any virus code would probably be in the resource fork as well.
If you un-binhex a mac file on a unix box, you will have to be very
careful not to whack stuff in the resource fork.
On a slightly different note, most binhexed files in email have no
need to be binhexed. Eudora has included binhex as one of it's
encoding formats, on both mac and windows forever. Actually, I
believe it's the default.
Harold Paulson Sierra Web Design firstname.lastname@example.org http://www.sierraweb.com VOICE: 775.833.9500 FAX: 810.314.1517