anomy-list

Patch for MIME type message/partial - was Bypassing SMTP Content

From: wolfgang (51604@xyz.molar.is)
Date: Fri 13 Sep 2002 - 19:30:42 GMT

  • Next message: Jim Rosenberg: "Re: Bypassing SMTP Content Protection with Multi-Part Messages"

    Open the file .../anomy/bin/Anomy/Sanitizer.pm

    Search for ...
    sub SanitizeHeaders

    Add the following lines starting with the + sign (without the + sign)...

        # Copy headers...
        foreach my $key (keys(%{ $part->{"mime"} }))
        {
            $mime->{$key} = $part->{"mime"}->{$key};
        }
    +
    + # if you want to switch this on/off
    + # create a config option 'feat_message_partial'
    + # and enable the 'if (...)'
    + #
    + #if ($conf->{"feat_message_partial"})
    + {
    + if ($mime->{"type"} =~ /partial/)
    + {
    + $mime->{"type"} = "text/plain";
    + }
    + }
    +

    This will change all MIME .../partial to text/plain, and
    tis will break message/partial

    If you have enabled 'feat_force_name=1' the MIME part will
    assigned the default name eg. 'unamed.txt'. This will force
    the virus scanner to run if you have enabled this also.

    For unknown reason 'feat_force_name' will only work if
    'feat_boundaries' is also enabled, so check this too.

    I have changed my default name to 'unamed.???' and my
    default policy are 'drop', so this MIME content will be
    removed.

    Wolfgang Käß

    attached mail follows:


    Open the file .../anomy/bin/Anomy/Sanitizer.pm

    Search for ...
    sub SanitizeHeaders

    Add the following lines starting with the + sign (without the + sign)...

        # Copy headers...
        foreach my $key (keys(%{ $part->{"mime"} }))
        {
            $mime->{$key} = $part->{"mime"}->{$key};
        }
    +
    + # if you want to switch this on/off
    + # create a config option 'feat_message_partial'
    + # and enable the 'if (...)'
    + #
    + #if ($conf->{"feat_message_partial"})
    + {
    + if ($mime->{"type"} =~ /partial/)
    + {
    + $mime->{"type"} = "text/plain";
    + }
    + }
    +

    This will change all MIME .../partial to text/plain, and
    tis will break message/partial

    If you have enabled 'feat_force_name=1' the MIME part will
    assigned the default name eg. 'unamed.txt'. This will force
    the virus scanner to run if you have enabled this also.

    For unknown reason 'feat_force_name' will only work if
    'feat_boundaries' is also enabled, so check this too.

    I have changed my default name to 'unamed.???' and my
    default policy are 'drop', so this MIME content will be
    removed.

    Wolfgang Käß



    hosted by molar.is