On 2014-06-27, Sean Donelan <sean@???> wrote:
> It appears the RFC2047 decode in Exim can be tricked, and the spammers
> have figured out how to exploit it.
>
> For example, this is a recent MIME part (I added "_")
>
> Content-Type: application/x-zip-compressed;
> name="&_#_1057_;opy_of_Document_ID7851.zip"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
> filename="&_#_1057_;opy_of_Document_ID7851.zip"
>
> When Exim expands the variable $mime_filename the result
> is only "&_#_1057" and nothing else (again _'s added)
That's not RFC2047.

It could be the semicolon that's causing problems.

It looks like they want U+0441 'С' instead of 'C' but that
encoding is broken, applicable to only HTML and XML. I wonder who
they're fooling.

Still, it looks like a bug in Exim. I'm fairly sure the RFCs say that
semicolons are not significant inside quoted words.
--
umop apisdn
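
Added example, not part of the original thread and not Exim's code: a sketch of the failure mode suspected in the reply above (a parameter parser that splits on every semicolon) next to a parser that honours quoted strings, plus a check that flags headers where the two disagree. The function names are hypothetical, and the sample header is the one quoted in the post with the poster's added "_" characters removed.

```python
import re

# Constructed sample: the Content-Disposition header from the post,
# with the "_" characters the poster inserted taken out again.
HEADER = 'attachment;\n filename="&#1057;opy_of_Document_ID7851.zip"'

def naive_params(value):
    """Split on every ';' with no regard for quoting (assumed failure mode)."""
    params = {}
    for part in value.split(";")[1:]:
        name, sep, val = part.strip().partition("=")
        if sep:
            params[name.lower()] = val.strip('"')
    return params

# RFC 2045 parameter: name "=" (token / quoted-string). Inside a
# quoted-string a ';' is ordinary data, and a backslash escapes one char.
_PARAM = re.compile(
    r';\s*([^\s=;"]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s;"]*))'
)

def quoted_aware_params(value):
    """Parse parameters, treating ';' inside a quoted-string as literal."""
    params = {}
    for name, quoted, token in _PARAM.findall(value):
        # findall yields '' for the alternative that did not match
        val = token if token else re.sub(r"\\(.)", r"\1", quoted)
        params[name.lower()] = val
    return params

def filename_mismatch(value):
    """Return (naive, correct) if the parsers disagree on filename, else None.

    A disagreement means a filter keyed on the naive value (for example an
    extension check) is looking at a different name than the mail client.
    """
    naive = naive_params(value).get("filename")
    good = quoted_aware_params(value).get("filename")
    return (naive, good) if naive != good else None

if __name__ == "__main__":
    print(filename_mismatch(HEADER))
```
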