Al Black wrote:
>
>I take it that running demime or strip mime doesn't help with this
>susceptablity either, right?
>
I'm not intimately familiar with all these tools, but generally, they
remove all MIME encoded parts which are not Content-Type: text/plain.
They may also try to render text/html content as plain text.
The issue is a uuencoded file such as
begin 644 test
05&AI<R!I<R!A('1E<W0N"G]_
`
end
is plain text, at least in the MIME sense, and can be embedded in a
plain text part or a non-mime message just as the above is.
Unless the MIME stripping tool specifically looks for and removes such
uuencoded data from plain text, it won't be removed. At least some of
the MIME stripping tools don't do this removal.
In spite of the fact that this message is just one text/plain part (as
I send it anyway), some MUAs - MS Outlook Express for one - will
extract the above uuencoded file and call it an attachment. Thus it is
possible to slip "attached" files of any type past some MIME removal
tools and have them appear as attachments to some MUAs.
--
Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
