
On Mon, 9 Jul 2012, Joseph Brennan wrote:

> Mismatch noticed in Chinese-language spam:
>
> Content-Type: application/vnd.ms-excel;
>         name=nfy.xls
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>         filename=vmdgjctvi.xls
>
> I wonder whether name= and filename= being different are diagnostic of fakery
> or are just something one can expect in mail from normal software. I never paid
> attention. Before I figure how to parse them out and log them to check-- has
> anyone gone down this path already?

I did not check the implications of this mismatch, but I'm running a filename cleanup routine in MIMEDefang and had to adjust it to cope with this problem. I have seen legit mails where one name is rubbish (consisting of two UTF-8 characters most of the time) and the other looks good. They are forwarded by Exchange servers; then a colleague sees rubbish, but I see a valid filename -> Thunderbird and Pine seem to use different headers to determine the filename ...

My routine (see above) picks the name with an extension \.[[:alnum:]]+\z and the fewest non-Latin1 characters, if there is more than one name; sanitizes it and writes it back into the header for both names.

Regards,

-- Steffen Kaiser
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
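
One way to log the name=/filename= mismatch asked about in the thread and apply the selection rule described in the reply, as an added example in Python (not the MIMEDefang routine mentioned in the message, which is not shown in the thread). The tie-break (keep the Content-Type name), the sanitizing character set and all function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import collapse_rfc2231_value

EXT_RE = re.compile(r"\.[A-Za-z0-9]+\Z")  # the post's \.[[:alnum:]]+\z, ASCII only here

# Constructed sample built from the headers quoted in the thread.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: application/vnd.ms-excel;
        name=nfy.xls
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
        filename=vmdgjctvi.xls

AAAA
"""

def non_latin1(name):
    return sum(1 for ch in name if ord(ch) > 0xFF)

def pick_name(candidates):
    """Prefer a name with an extension, then the fewest non-Latin-1 characters."""
    names = [n for n in candidates if n]
    # Assumption: on a full tie the first candidate (Content-Type name=) wins.
    return min(names, key=lambda n: (EXT_RE.search(n) is None, non_latin1(n)))

def sanitize(name):
    # Assumed policy: drop path components, keep a conservative character set.
    base = re.split(r"[\\/]", name)[-1]
    return re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".") or "attachment"

def audit(raw):
    """Record parts whose two names differ and write one cleaned name to both."""
    msg = message_from_string(raw)
    findings = []
    for part in msg.walk():
        ct = part.get_param("name")  # from Content-Type
        cd = part.get_param("filename", header="Content-Disposition")
        # RFC 2231 encoded parameters come back as tuples; flatten them.
        ct, cd = (collapse_rfc2231_value(v) if v else None for v in (ct, cd))
        if ct and cd and ct != cd:
            chosen = sanitize(pick_name([ct, cd]))
            part.set_param("name", chosen)
            part.set_param("filename", chosen, header="Content-Disposition")
            findings.append((ct, cd, chosen))
    return findings, msg
```

The list returned by `audit` is what would go to the log for deciding whether mismatches correlate with spam; names carried as RFC 2047 encoded-words are not decoded here.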