On 2014-06-27, Sean Donelan <[email protected]> wrote:
> It appears the RFC2047 decode in Exim can be tricked, and the spammers
> have figured out how to exploit it.
>
> For example, this is a recent MIME part (I added "_")
>
> Content-Type: application/x-zip-compressed;
>   name="&_#_1057_;opy_of_Document_ID7851.zip"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>   filename="&_#_1057_;opy_of_Document_ID7851.zip"
>
> When Exim expands the variable $mime_filename the result
> is only "&_#_1057" and nothing else (again _'s added)

That's not RFC2047.

It could be the semicolon that's causing problems.

It looks like they want U+0441 'С' instead of 'C' but that encoding is
broken, applicable to only HTML and XML. I wonder who they're fooling.

Still, it looks like a bug in exim. I'm fairly sure the RFCs say that
semicolons are not significant inside quoted words.

--
umop apisdn

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
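
The point about semicolons inside quoted strings, as an added example that is not part of the original thread and is not Exim's code: a parameter parser that splits on every ';' next to one that treats a quoted-string as a single unit. The function names are hypothetical, and the sample header is the one quoted above with the poster's underscores kept.

```python
import re

# Constructed sample: the Content-Disposition header from the post, unfolded,
# with the underscores the poster added left in place.
HEADER = 'attachment; filename="&_#_1057_;opy_of_Document_ID7851.zip"'


def naive_params(value):
    """Split on every ';' without regard to quoting (the failure mode)."""
    params = {}
    for part in value.split(";")[1:]:
        name, sep, val = part.strip().partition("=")
        if sep:  # fragments without '=' are silently dropped
            params[name.lower()] = val.strip('"')
    return params


# name = token, value = token or quoted-string (backslash escapes allowed).
# Inside the quoted-string alternative ';' is ordinary data.
_PARAM = re.compile(r'''
    ;\s*(?P<name>[^\s;="()<>@,:\\/\[\]?]+)\s*=\s*
    (?: "(?P<quoted>(?:[^"\\]|\\.)*)"
      | (?P<token>[^\s;="()<>@,:\\/\[\]?]+) )
''', re.VERBOSE)


def quoted_aware_params(value):
    """Parse parameters, keeping ';' that appears inside a quoted-string."""
    params = {}
    for m in _PARAM.finditer(value):
        val = m.group("quoted")
        if val is not None:
            val = re.sub(r"\\(.)", r"\1", val)  # undo quoted-pair escapes
        else:
            val = m.group("token")
        params[m.group("name").lower()] = val
    return params


def parsers_disagree(value):
    """True when splitting on ';' loses or alters a parameter value."""
    return naive_params(value) != quoted_aware_params(value)


if __name__ == "__main__":
    print("naive       :", naive_params(HEADER))
    print("quoted-aware:", quoted_aware_params(HEADER))
    print("disagree    :", parsers_disagree(HEADER))
```

A filter that matches attachment names against an extension list sees no ".zip" in the truncated value, so a header on which the two parsers disagree is worth logging or rejecting.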
