Re: Bypassing SMTP Content Protection with Multi-Part Messages

From: Jim Rosenberg (
Date: Fri 13 Sep 2002 - 16:01:24 GMT

  • Next message: Savin Gorup: "RE: Bypassing SMTP Content Protection with Multi-Part Messages"

    On Thu, 2002-09-12 at 16:59, Brian Schonecker wrote:
    > I'm not so sure where to put the finger on this one. Since it's seven
    > separate emails, there's no way for Anomy to determine that it's supposed to
    > one, big email. So Anomy surely isn't to blame.

    Sorry, but I disagree, *STRONGLY*.

    Most other MIME filter vendors do seem to be accepting the challenge of
    dealing with this.

    If someone can send a .exe attachment which passes through Anomy
    untouched and arrives in the mailbox of an Outlook Express user intact
    and double-clickable, then Anomy has failed me.

    I don't know how other admins feel, but speaking for myself, I'd be
    quite happy to see Anomy just defang

    Content-type: message/partial;

    This should be a fairly simple fix. In the whole time I've been using
    Anomy I can count on the fingers of a couple of hands the number of
    times I've needed to fish a legitimate executable out of quarrantine for
    someone; I'd be awfully surprised if legitimate cases of fragmented
    executables start keeping me busy.

    If the fragment header is defanged, then on receipt it should simply
    fail reassembly.


    #include <disclaimer.h>
    Ross Mould / 259 S. College St. / Washington, PA  15442

    hosted by