On Fri, 30 Jul 2004, Paul wrote: > I just ran it here with MD 2.41 + SA 2.60 + ClamAV 0.67. #5, #8, #23 > and #25 got through.
The MIME continuation vulnerability exploits a bug in Outlook. MIMEDefang interprets the message correctly according to the MIME RFCs. As I wrote before many times, I have no intention of making MIMEDefang "bug-for-bug" compatible with various buggy MUAs. If you're really concerned about this thing, the *ONLY* sane response is to canonicalize every single message coming into your system by using action_rebuild(). This will ensure that every message handed off by MIMEDefang is a well-formed MIME message, and should reduce the likelihood of misinterpretation by buggy MUAs. Regards, David. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
