On 28/06/2014 10:01:06, "Jasen Betts" <jasen@???> wrote:
>On 2014-06-27, Sean Donelan <sean@???> wrote:
>
>> It appears the RFC2047 decode in Exim can be tricked, and the
>>spammers
>> have figured out how to exploit it.
>>
>> For example, this is a recent MIME part (I added "_")
>>
>> Content-Type: application/x-zip-compressed;
>> name="&_#_1057_;opy_of_Document_ID7851.zip"
>> Content-Transfer-Encoding: base64
>> Content-Disposition: attachment;
>> filename="&_#_1057_;opy_of_Document_ID7851.zip"
>>
>> When Exim expands the variable $mime_filename the result
>> is only "&_#_1057" and nothing else (again _'s added)
> Still, it looks like a bug in exim. I'm fairly sure the RFCs say that
>semicolons are not significant inside quoted words.
I've got some anti-zipfile protection in my config and some zipfiles are
making
it through because the filename is like that. This has started happening
recently, so it's not just you Sean.
My mail client also cuts the filename at the semi-colon, for what it's
worth.
--
Toby