On Monday 01 March 2004 19:34, David F. Skoll wrote:
> > It seems in the long run we have to get rid of MIMEDefang. Thats a shame, > > since it worked so great in all other aspects. > Sorry, but comments like that make me upset. If you don't like the > way MIMEDefang parses MIME messages, then submit patches to the > maintainers of MIME::tools and Mail::Tools. Well, either that, or write less strict MIME parser. To me it boils down to this: MIMEDefang offers certain features (like stripping html, modifying mime parts, removing them, "defang"ing them, etc), and those features don't work on a few corner cases. some of them are important, some of them are not. Note I do offer to provide patches, but if the maintainer rejects them before he has seen them, the only choice left for me (besides maintaining my own package) is to go look somewhere else for something that works. > And keep submitting as > the malformed-MIME-of-the-day problem is revealed. I've not yet strong reason to believe that there are *that* many special cases to take care of. Do you? > Here's an analogy: No, thats not an analogy. As I explained in my previous mail, the problem is not the software itself, its the user that uses it. Hundreds of thousands of users chose (!) to execute the MyDoom virus when they received the mail about it. The mail did not contain any MUA exploit, no weird MIME boundary, no nothing. They just got a mail from a sender address that maybe looked familiar to them, and then they executed it to see what happens. And thats the main point: We need software that checks for malware content and when it can be reasonably sure about it, to react (like stripping the part, replacing it with a warning, whatever). Again, it is not about MUA bugs. It is about users who see an attachment and open it. The second concern is to get rid of spoofed-recipient bounces. Actually a big share of "junk" mail we receive are bounces of source-spoofed SPAM and Worm email. Automatically getting rid of that is another long term goal we have. Worm bounces were so far easy to handle: they had the worm itself somewhere in the mail (or at least parts of it). Its not so easy to use bayes/SA to filter worm bounces anymore, since a great share of those internet worms don't provide a big text payload which SA could be trained for. The recent worms just say "test" or "your password" as body, and you don't really want to filter on that, since then people would complain why their test mails don't come through. > Patching MIME::tools to "handle" malformed MIME is the first > programmer's approach. > Which do you suppose I advocate as the long-term solution? :-) I don't know, tell me. Getting rid of email? :) _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
