On Mon, 1 Mar 2004, Dirk Mueller wrote:

> Well, either that, or write a less strict MIME parser.

But to do it "securely", you'll have to write a MIME parser that duplicates the behavior of dozens of different MIME parsers in dozens of different MUAs. What's dangerous to one might be innocuous to another.

> To me it boils down to this: MIMEDefang offers certain features (like
> stripping html, modifying mime parts, removing them, "defang"ing
> them, etc), and those features don't work on a few corner cases. some
> of them are important, some of them are not. Note I do offer to
> provide patches, but if the maintainer rejects them before he has
> seen them, the only choice left for me (besides maintaining my own
> package) is to go look somewhere else for something that works.

Please submit patches; I'll look them over.

> > And keep submitting as
> > the malformed-MIME-of-the-day problem is revealed.

> I've not yet strong reason to believe that there are *that* many
> special cases to take care of. Do you?

Yes, I do, based on experience. Canonicalizing the MIME is the only safe solution.

> No, that's not an analogy. As I explained in my previous mail, the problem is
> not the software itself, it's the user that uses it.

I disagree. Even if I received a shell script or Linux executable, my mail reader would not permit me to execute it without my taking some rather deliberate actions. It's a fundamental flaw in the Windows operating system that permits encoding of metadata (the Unix "x" bit) in filenames. This fundamental flaw is responsible for MyDoom and friends.

> And that's the main point: We need software that checks for malware
> content and when it can be reasonably sure about it, to react (like
> stripping the part, replacing it with a warning, whatever).

The answer is to canonicalize the MIME, so even if malware gets through, it's not executable on the target system (just looks like a plain-text mess.)

Regards,

David.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
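
The canonicalization idea argued for in the message above, as an added illustration that is not part of the original post and is not MIMEDefang's code: the filter re-emits the message from its own parse, so every downstream MUA sees one unambiguous structure. It uses Python's standard `email` package; the sample message, the `part-N` naming and the downgrade of ambiguous parts to `application/octet-stream` are assumptions made for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage, MIMEPart

# Constructed sample: the second part declares two conflicting Content-Types,
# so which one "wins" depends on the parser reading it.
SAMPLE = (
    b"From: a@example.com\r\nSubject: test\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b"--b1\r\nContent-Type: text/plain\r\n"
    b'Content-Type: application/octet-stream; name="report.txt"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\naGVsbG8=\r\n--b1--\r\n"
)

def leaves(raw: bytes):
    """Return the non-multipart parts as this parser sees them."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [p for p in msg.walk() if not p.is_multipart()]

def canonicalize(raw: bytes) -> bytes:
    """Re-emit the message from the parsed tree; no part header is copied verbatim."""
    src = email.message_from_bytes(raw, policy=policy.default)
    out = EmailMessage(policy=policy.SMTP)
    for name in ("From", "To", "Subject", "Date"):
        if src[name] is not None:
            out[name] = str(src[name])
    out["MIME-Version"] = "1.0"
    out.make_mixed()  # fresh container; the boundary is generated on output
    for n, part in enumerate(leaves(raw), 1):
        data = part.get_payload(decode=True) or b""
        maintype, subtype = part.get_content_type().split("/", 1)
        fname = re.sub(r"[^A-Za-z0-9._-]", "_", part.get_filename() or f"part-{n}")
        if len(part.get_all("Content-Type", [])) > 1:
            # Assumed policy: a part with conflicting declarations becomes opaque data.
            maintype, subtype, fname = "application", "octet-stream", f"part-{n}.bin"
        new = MIMEPart(policy=policy.SMTP)
        # Bytes content is always written base64-encoded with a single Content-Type.
        new.set_content(data, maintype=maintype, subtype=subtype, filename=fname)
        out.attach(new)
    return out.as_bytes()

if __name__ == "__main__":
    for p in leaves(canonicalize(SAMPLE)):
        print(p.get_content_type(), p.get_filename(), p.get_payload(decode=True))
```

Every part in the output carries exactly one Content-Type and a filter-chosen filename, so a reader that would have picked the second header of the original sees the same thing as one that picks the first.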

