[exim-dev] [Bug 1004] demime bug in uuencode detection heuri…

Top Page
Delete this message
Reply to this message
Author: Tamas Tevesz
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 1004] New: demime bug in uuencode detection heuristics
Subject: [exim-dev] [Bug 1004] demime bug in uuencode detection heuristics
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1004




--- Comment #2 from Tamas Tevesz <ice@???> 2011-01-23 20:07:18 ---
(In reply to comment #1)

> In particular, some (older?) versions of Microsoft Outlook (Express?) will
> recognise a "Begin forwarded message:" line as a valid begin of a uuencoded
> file...
>
> It could for example be used to sneak a virus past an anti-virus:
>
> Begin forwarded message:
> INSERT HERE UUENCODED VIRUS / .EXE FILE
> `
> end


i wasn't aware (but couldn't say i'm surprised) that outlooks (too) misbehave
:) but, as you indicated, they still require a proper closing statement of
"`\nend\n", so thus far it seems exiscan should follow suit in determining
what's uu and what's not.

> If one wants to be more specific, one can do something like
>
> condition = ${if match{$demime_reason}{^uuencod}{0}{1}}


i hadn't thought of narrowing the condition scope like this, but it does indeed
seem like a viable compromise, thanks for the tip!


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email