anomy-list

RE: Bypassing SMTP Content Protection with Multi-Part Messages

From: Andrew (52062@xyz.molar.is)
Date: Mon 16 Sep 2002 - 13:07:23 GMT


    Hello

    Here's a patch which MIGHT do something like the right thing with
    partial messages ... but I don't think it's quite what everyone
    wants -- it means that a few blank messages are going to be
    delivered to a very confused recipient:

    BEGIN===================
    diff -u MIMEStream.pm.orig MIMEStream.pm
    --- MIMEStream.pm.orig Mon Sep 16 15:06:10 2002
    +++ MIMEStream.pm Mon Sep 16 15:06:47 2002
    @@ -104,6 +104,7 @@
     {
     # "text/html" => \&ParserDiscard,
            "text/*" => \&ParserForce8bit,
    + "message/partial" => \&ParserDiscard,
            "message/rfc822" => \&ParserRFC822,
            "multipart/*" => \&ParserMultipart,
            "multipart/signed" => \&ParserCat,
    ===================END

    Ps. I haven't tested it .. although if I don't reply to your
    replies, it could be because this breaks something quite
    impressively &:-)

    At 2:13pm Today Savin Gorup wrote:

    > Hi,
    >
    > > I don't know how other admins feel, but speaking for myself, I'd be
    > > quite happy to see Anomy just defang
    > >
    > > Content-type: message/partial;
    > >
    > > This should be a fairly simple fix. In the whole time I've been using
    > > Anomy I can count on the fingers of a couple of hands the number of
    > > times I've needed to fish a legitimate executable out of quarantine for
    > > someone; I'd be awfully surprised if legitimate cases of fragmented
    > > executables start keeping me busy.
    >
    > This sounds like a good solution. I prefer doing some manual work to
    > allowing a single EXE to pass a mailfilter... Does anybody know a mail client
    > that actually sends "message/partial" messages?
    >
    > > If the fragment header is defanged, then on receipt it should simply
    > > fail reassembly.
    > >
    > > Comments?
    >
    > Anybody care to take a look into the code? I'm not much of a Perl programmer
    > myself...
    >
    > SavinG
    >
    >
    >

    -- 
    Get SuSE 8.0 (7CD's, 1 DVD, 5 manuals) for R890.00
    http://ledge.co.za/suse.php
    

    Leading Edge Business Solutions http://ledge.co.za/ +27 11 656 0360 Linux Training, Software and Networking

    8 out of 10 people think they are above average drivers.
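
The defanging approach proposed in the quoted thread, as an added example that is not part of the original post and is not Anomy code (Python here, where Anomy itself is Perl). It inspects only the top-level Content-Type header, renames it so a receiving client no longer sees message/partial, and records the id/number parameters of each fragment for the administrator. The X-Defanged-Content-Type header name, the function names and the sample messages are assumptions constructed for the illustration.

```python
from collections import defaultdict
from email.parser import Parser

def make_fragment(number, total, frag_id="constructed-id@example.com"):
    """Constructed sample: one RFC 2046 message/partial fragment."""
    return (
        "From: sender@example.com\n"
        f"Subject: fragment {number}\n"
        f'Content-Type: message/partial; id="{frag_id}"; '
        f"number={number}; total={total}\n"
        "\n"
        "opaque fragment data\n"
    )

def inspect_and_defang(raw):
    """Return (info, text). info is None for ordinary mail; for a fragment it
    holds id/number/total and text has its Content-Type header renamed."""
    # headersonly=True leaves the body as an untouched string.
    msg = Parser().parsestr(raw, headersonly=True)
    if msg.get_content_type() != "message/partial":
        return None, raw
    info = {k: msg.get_param(k) for k in ("id", "number", "total")}
    original = msg["Content-Type"]
    del msg["Content-Type"]
    # Hypothetical header name; the original value is kept for the admin.
    msg["X-Defanged-Content-Type"] = original
    return info, msg.as_string()

def scan(batch):
    """Defang every fragment in batch; return (messages, fragment numbers by id)."""
    seen, out = defaultdict(set), []
    for raw in batch:
        info, text = inspect_and_defang(raw)
        if info:
            seen[info["id"]].add(info["number"])
        out.append(text)
    return out, dict(seen)

if __name__ == "__main__":
    mail = [make_fragment(n, 3) for n in (1, 2, 3)]
    mail.append("From: a@example.com\nSubject: hi\n\nhello\n")
    out, seen = scan(mail)
    for frag_id, numbers in seen.items():
        print(f"defanged fragments {sorted(numbers)} of set {frag_id}")
```
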


