Ken:
I think you will find that it is not very helpful and that validating the
images will be more resource intensive than necessary. Dallas' ImageInfo
plug-in is a great balance on this issue and I'm voting to have it included
in the stock SA installation.
My reason for saying not very helpful is that we run a legitimate site that
allows image uploads and it amazes me how many of these are corrupted files
in minor, non-visible ways. Just look at how complex ImageMagick is for an
idea. Acrobat for example, has numerous "copy cats" that don't follow the
spec exactly.
However, I know the number one test I think would be helpful is using
ImageInfo to see if an image is an animated gif. I haven't had time to
research this fully but there are two immediate checks: A) is it a gif89a
header and B) Moses Moore thought that it's possible 0x2C indicates a frame.
My point is that I have seen animated gifs being used as well as distorted
gifs that will beat OCR techniques. ImageInfo's size ratio tests are likely
to remain valid. Increasing those tests with an animated gif test I think
would be valuable if it can be done with a very efficient test.
Regards,
KAM
Do the files found in image spam follow the letter of the format specs, or
do they tend to be broken? Is the degree of brokenness useful as a spam
metric?
I'm a fan of rejecting broken files at the gateway (including HTML) and
would like to bounce images that violate their format standards, as
they're likely to cause issues like buffer overruns in unsuspecting
clients.
Are there any good utilities that simply validate file formats commonly
seen in email? I'd like to at least hit JPEG, GIF, PNG, and Acrobat.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
