Re: RE: Bypassing SMTP Content Protection with Multi-Part Messages

From: Robert Litman
Date: Mon 16 Sep 2002 - 21:01:44 GMT

    >This shouldn't break anything and should work... whether that's really
    >what you really want to do (discard the data) is another question
    >entirely. :-)

    Well, my original question included: "And, is this even something I would
    want to do?"
    I haven't seen anyone object to this idea, and I really cannot think of any
    time I have ever dealt with a partial message, so maybe blocking them
    entirely would be a good idea. After some consideration, I really don't
    think my user-base would be too confused by blank messages, because they
    probably wouldn't get any anyway. It's like a VBS attachment now. If you
    get it, it's probably malicious (with few exceptions).

    I like the patch idea, and it looks like it will work, but I won't be
    implementing it, as I don't have any Outlook users anyway (I just asked the
    question in the first place, as a general security question).
    OTOH, if this were to be implemented in a release, I, for one, would prefer
    to see it included as a new optional switch in the sanitizer.cfg file.
    Something like "feat_partial_blocking".
    That, and should something like this be done, it would be nice to have a
    specific message go with it. Maybe a new line in the sanitizer.log???

    Robert Litman
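
An added example, not part of the message above and not code from the sanitizer discussed in this thread: a minimal Python check for fragmented mail with an on/off switch and a dedicated log line, as the message suggests. It assumes "partial message" means the MIME type message/partial (RFC 2046); `feat_partial_blocking` is only the name proposed above, not an existing option, and the log format and sample messages are constructed.

```python
import email
import logging

log = logging.getLogger("sanitizer")  # hypothetical logger name


def check_partial(raw, feat_partial_blocking=True):
    """Return (verdict, info); info describes the first message/partial part."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():  # walk() also visits parts nested in multipart/*
        # get_content_type() lowercases, so "Message/Partial" matches too
        if part.get_content_type() != "message/partial":
            continue
        info = {k: part.get_param(k) for k in ("id", "number", "total")}
        verdict = "block" if feat_partial_blocking else "pass"
        # Constructed log format; written even when the switch is off so
        # that fragments stay visible to whoever reads the log.
        log.warning("message/partial fragment verdict=%s id=%s number=%s total=%s from=%s",
                    verdict, info["id"], info["number"], info["total"],
                    msg.get("From"))
        return verdict, info
    return "pass", None


# Constructed sample: first of two fragments of a split message.
FRAGMENT = (
    b"From: a@example.org\r\n"
    b"To: b@example.org\r\n"
    b"Subject: part 1\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: Message/Partial; id="abc123@example.org"; number=1; total=2\r\n'
    b"\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"first half of the body\r\n"
)

# Constructed sample: an ordinary single-part message.
ORDINARY = (
    b"From: a@example.org\r\n"
    b"To: b@example.org\r\n"
    b"Subject: hello\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"nothing unusual here\r\n"
)

if __name__ == "__main__":
    for name, raw in (("fragment", FRAGMENT), ("ordinary", ORDINARY)):
        print(name, check_partial(raw))
```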