[exim-dev] [Bug 1004] demime bug in uuencode detection heuri…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Lionel Elie Mamane
Ημερομηνία:  
Προς: exim-dev
Παλιά Θέματα: [exim-dev] [Bug 1004] New: demime bug in uuencode detection heuristics
Αντικείμενο: [exim-dev] [Bug 1004] demime bug in uuencode detection heuristics
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1004




--- Comment #1 from Lionel Elie Mamane <lionel@???> 2011-01-09 00:37:46 ---
While this is not stricto sensu a "MIME error", it is a construct that is
interpreted differently by different programs (MUAs, anti-virus software, ...).

In particular, some (older?) versions of Microsoft Outlook (Express?) will
recognise a "Begin forwarded message:" line as a valid begin of a uuencoded
file...

It could for example be used to sneak a virus past an anti-virus:

Begin forwarded message:
INSERT HERE UUENCODED VIRUS / .EXE FILE
`
end

The anti-virus maybe will not recognise it as a uuencoded file
(because, well, the header line does not match the format, which
requires something like:

begin 644 foo

), and thus not scan the file, but (some versions of) Microsoft
Outlook (Express?) will see a uuencoded vile here, and thus, if the
user double-clicks on it, (s)he is infected. So in some sense, we may want to
consider that an "error" if in a paranoid frame of mind.


But on the other hand, breaking system-wide forward-mail sent by anglophone
users of Apple software is not acceptable either...

The easiest work-around in the meantime is to change the ACL condition to:

condition = ${if >{$demime_errorlevel}{1}{1}{0}}

If one wants to be more specific, one can do something like

condition = ${if match{$demime_reason}{^uuencod}{0}{1}}


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email