On 12/07/14 15:39, [email protected] wrote:
On 28/06/2014 10:01:06, "Jasen Betts" <[email protected]> wrote:
On 2014-06-27, Sean Donelan <[email protected]> wrote:
It appears the RFC2047 decode in Exim can be tricked, and the spammers
have figured out how to exploit it.
For example, this is a recent MIME part (I added "_")
Content-Type: application/x-zip-compressed;
name="&_#_1057_;opy_of_Document_ID7851.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="&_#_1057_;opy_of_Document_ID7851.zip"
When Exim expands the variable $mime_filename the result
is only "&_#_1057" and nothing else (again _'s added)
Still, it looks like a bug in exim. I'm fairly sure the RFCs say that
semicolons are not significant inside quoted words.
I've got some anti-zipfile protection in my config and some zipfiles are
making
it through because the filename is like that. This has started happening
recently, so it's not just you Sean.
My mail client also cuts the filename at the semi-colon, for what it's
worth.
HEAD now contains a probable fix for this. Confirmation from production
systems exposed to the wild would be very welcome.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
