--- Comment #8 from John Woods <> ---
Looks as if I didn't know what I was talking about... After looking through, and reading parts of RFC 1521, I'd like to scratch my previous

In RFC 1521, Section 7.2.1, it says this:

   The encapsulation boundary following the last body part is a
   distinguished delimiter that indicates that no further body parts
   will follow.  Such a delimiter is identical to the previous
   delimiters, with the addition of two more hyphens at the end of the


   There appears to be room for additional information prior to the
   first encapsulation boundary and following the final boundary.  These
   areas should generally be left blank, and implementations must ignore
   anything that appears before the first boundary or after the last

So, any content that follows the --{boundary}-- marker is considered an
"epilogue" area, and must be ignored.

That explains why RW's claw mail utility ignored the epilogue, because claws
MUA was processing the e-mail per RFC 1521.

In this case, it was an attachment with malware. And the MUA(s) Thunderbird and
Outlook 2016 fail to follow RFC to the letter of the law, and malware
potentially infects the workstation.

On a positive note, SpamAssassin properly detected that the epiloque area
existed, and T_TVD_MIME_EPI is in the result.

Is this analysis correct?

You are receiving this mail because:
You are the assignee for the bug.

Reply via email to