Al Black wrote: > >I take it that running demime or strip mime doesn't help with this >susceptablity either, right? >
I'm not intimately familiar with all these tools, but generally, they remove all MIME encoded parts which are not Content-Type: text/plain. They may also try to render text/html content as plain text. The issue is a uuencoded file such as begin 644 test 05&AI<R!I<R!A('1E<W0N"G]_ ` end is plain text, at least in the MIME sense, and can be embedded in a plain text part or a non-mime message just as the above is. Unless the MIME stripping tool specifically looks for and removes such uuencoded data from plain text, it won't be removed. At least some of the MIME stripping tools don't do this removal. In spite of the fact that this message is just one text/plain part (as I send it anyway), some MUAs - MS Outlook Express for one - will extract the above uuencoded file and call it an attachment. Thus it is possible to slip "attached" files of any type past some MIME removal tools and have them appear as attachments to some MUAs. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/