I need to implement a filter that will block nested multiparts beyond a certain depth before handing off to the virus filters. Anyone using clamav ought to be interested in this too, since a deeply nested message will make clamd use obscene amounts of RAM. These deeply nested messages typically are the result of the mail loop, and I'd love to be able to reject them. I notice that gmail (I guess it wasn't an april fools joke?) is doing this.
I've reviwed the MIME:Parser module but don't see a method for finding the depth of recursion. The existing MaxMIMEParts doesn't seem to catch this, or it it's supposed to, it's not working for me, even with the patched MIME:Parser module. Any suggestions? Given the spreading use of MD and ClamAV, this amounts to a fairly effective DoS attack today. A few carefully crafted message sent to a couple big list could cause a significant disturbance in the force! -- Kelsey Cummings - [EMAIL PROTECTED] sonic.net, inc. System Administrator 2260 Apollo Way 707.522.1000 (Voice) Santa Rosa, CA 95407 707.547.2199 (Fax) http://www.sonic.net/ Fingerprint = D5F9 667F 5D32 7347 0B79 8DB7 2B42 86B6 4E2C 3896 _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
