RE: Bypassing SMTP Content Protection with Multi-Part Messages

From: Savin Gorup (
Date: Mon 16 Sep 2002 - 12:13:39 GMT

  • Next message: Andrew: "RE: Bypassing SMTP Content Protection with Multi-Part Messages"


    > I don't know how other admins feel, but speaking for myself, I'd be
    > quite happy to see Anomy just defang
    > Content-type: message/partial;
    > This should be a fairly simple fix. In the whole time I've been using
    > Anomy I can count on the fingers of a couple of hands the number of
    > times I've needed to fish a legitimate executable out of quarrantine for
    > someone; I'd be awfully surprised if legitimate cases of fragmented
    > executables start keeping me busy.

    This sounds like a good solution. I prefer doing some manual work than
    allowing a single EXE pass a mailfilter... Does anybody know a mail client
    that actually sends "message/partial" messages?

    > If the fragment header is defanged, then on receipt it should simply
    > fail reassembly.
    > Comments?

    Anybody care to take a look into code? I'm not much of a perl programmer


    hosted by