anomy-list

Re: A philosophical question: To rewrite or not to rewrite

From: Robert de Bath (robert$@mayday.cix.co.uk)
Date: Sun 04 Aug 2002 - 10:56:37 UTC


    On Fri, 2 Aug 2002, Peter Milesson wrote:

    > Hi folks,
    >
    > I had some problems (correctly, M$ has got problems) recently, when
    > I figured out that Outlook Express, under certain conditions, does not
    > code attachments as Base64, but as Quoted-printable. It seems to be
    > quite common, and lots of mails with attachments were trashed. See my
    > previous bug report about this.

    > I modified the Anomy code, so only the content headers are rewritten,
    > that is, throwing out attachments with forbidden contents (.exe, .js,
    > .vbs, etc), only defanging the filename for attachments that can contain
    > macros, and that I want the user to regard with suspicion (.doc, .xls,
    > etc.). The only content rewriting I allow is for HTML, leaving only
    > plain text. All other content that is passed through Anomy, is simply
    > copied from input to output in memory.

    > The result is faster processing, as no content decoding/encoding takes
    > place, and no risk of content trashing, due to buggy decoders/encoders.

    Firstly,
       I think this is a _very_ good idea; if Anomy isn't interested in the
    contents of an attachment, it shouldn't encode/decode it. Then it would
    even be able to pass messages with unknown content types like the 'x-yenc'
    or 'x-base251' that may appear soon.

    It may even allow me to up the maximum size of message that I allow
    Anomy to check.

    However, two things:
    1) I think if I replaced the HTML with pure ascii I'd get a few
       'luser problems' :-) Still I might try it ... but ..

    2) Anomy supports 'content' checkers, i.e. virus checkers and the Word
       DOC macro checker. These have to decode the data to do the check,
       but more importantly you should re-encode from the checked document
       otherwise it _may_ be possible for content to be crafted that passes
       the check under Anomy's decoder but has evil content when decoded under
       'doze.

    You need content checks because users just don't understand how poor the
    M$ macro languages are for untrusted code and many don't even see a 'DOC'
    file as a program. IMO: If you just tell many users to be 'suspicious'
    you're wasting your breath, if they were capable of it there wouldn't
    be as much evil code and there would be no need for tools like Anomy.

    -- 
    Rob.                          (Robert de Bath <robert$ @ debath.co.uk>)
                                           <http://www.cix.co.uk/~mayday>
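The two filter policies discussed in this thread, Peter's byte-for-byte pass-through for parts the filter does not inspect and Rob's point that a checked part must be re-encoded from the bytes the checker actually saw, as an added Python example. This is not code from the thread or from Anomy: the sample bodies, the `BAD_MARKER` stand-in for a checker hit, the `strict_decode` decoder and all function names are constructed for illustration. The stdlib `quopri` plays the tolerant decoder, the constructed strict decoder plays a hypothetical client that reads the same bytes differently; the example shows that the two disagree on the raw body but agree once the checked bytes are re-encoded canonically.

```python
import quopri
import re
from typing import Optional

# Constructed sample quoted-printable part bodies (not from the thread).
# The first is accepted by tolerant decoders but is not canonical: RFC 2045
# prescribes uppercase hex digits after '='.
SAMPLE_NONCANONICAL = b"Quarterly figures attached.=0d=0aTotal=3d42=0D=0A"
# Hypothetical marker standing in for whatever a content checker would flag.
SAMPLE_FLAGGED = b"Quarterly figures attached.=0D=0ABAD_MARKER=0D=0A"

UPPER_HEX_ESCAPE = re.compile(rb"=[0-9A-F]{2}")


def lenient_decode(body: bytes) -> bytes:
    """Tolerant decoder: the stdlib quopri accepts lowercase hex digits."""
    return quopri.decodestring(body)


def strict_decode(body: bytes) -> bytes:
    """Constructed strict decoder standing in for some other mail client.

    Only '=' followed by two uppercase hex digits (or a soft line break) is
    treated as an escape; any other '=' is copied literally. Two decoders
    disagreeing like this is the gap Rob's second point describes.
    """
    out = bytearray()
    i = 0
    while i < len(body):
        if body[i:i + 1] == b"=":
            if body[i + 1:i + 3] == b"\r\n":      # soft line break, CRLF
                i += 3
                continue
            if body[i + 1:i + 2] == b"\n":        # soft line break, bare LF
                i += 2
                continue
            if UPPER_HEX_ESCAPE.match(body, i):
                out.append(int(body[i + 1:i + 3], 16))
                i += 3
                continue
        out.append(body[i])                       # literal byte
        i += 1
    return bytes(out)


def content_check(decoded: bytes) -> bool:
    """Stand-in for a real checker (macro scanner, virus scanner):
    accept the part unless it contains the constructed marker."""
    return b"BAD_MARKER" not in decoded


def canonical_encode(decoded: bytes) -> bytes:
    """Re-encode the bytes that were actually checked as canonical
    quoted-printable (uppercase hex, '=' always escaped)."""
    return quopri.encodestring(decoded)


def process_part(raw_body: bytes, run_checker: bool) -> Optional[bytes]:
    """Filter policy for one MIME part body (hypothetical function).

    run_checker=False: the part is copied through byte-for-byte and never
    decoded, Peter's approach for content the filter does not inspect.
    run_checker=True: decode, check, and emit the re-encoded checked bytes;
    return None when the checker rejects the part (drop or quarantine).
    """
    if not run_checker:
        return raw_body
    decoded = lenient_decode(raw_body)
    if not content_check(decoded):
        return None
    return canonical_encode(decoded)


def decoders_agree(body: bytes) -> bool:
    """True when both decoders recover the same bytes from this body."""
    return lenient_decode(body) == strict_decode(body)


if __name__ == "__main__":
    print("raw body, decoders agree:", decoders_agree(SAMPLE_NONCANONICAL))
    checked = process_part(SAMPLE_NONCANONICAL, run_checker=True)
    print("re-encoded body, decoders agree:", decoders_agree(checked))
    print("flagged part kept:", process_part(SAMPLE_FLAGGED, run_checker=True) is not None)
```

The property worth keeping in mind is the one `decoders_agree` checks: after `process_part` the recipient's decoder, whatever its tolerance for malformed input, can only recover the bytes the checker looked at, because the output was produced by a single encoder from those bytes. Passing the original encoded body through unchanged keeps the input's ambiguities and with them the possibility that the checker and the recipient decode it differently.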
    


