Another bug with its own logo and website has appeared: www.mailsploit.com.
This targets MUAs. It abuses RFC2047 MIME encoding of headers to insert NUL
characters.
The mails are relatively easy to stop using mimedefang. I've just rolled it out
on our platform.
Boilerplate code (completely untested, but partly cut-n-pasted out of working
code). Enjoy.

    use Encode qw(decode);

    sub filter_end ($) {
        my($entity) = @_;
        # ... any other processing you do in filter_end
        my $fromline = $entity->head->get('From');
        # get() returns undef when there is no From: header, and keeps the
        # trailing newline when there is one.
        $fromline = '' unless defined $fromline;
        chomp $fromline;
        eval {
            # MIME::Decode of the header might fail for unknown charset.
            my $friendly_from = decode('MIME-Header', $fromline);
            if ( $friendly_from =~ /\0/ ) {
                md_syslog('warning', "$MsgID: Encoded NUL in From header: $fromline");
                # XXX insert your own code to handle such messages, eg redirect,
                # reject, or change the From: header
                action_bounce('Encoded NUL in From rejected');
            }
        };
        if ( $@ ) {
            # you may, for security reasons, choose to reject here too.
            md_syslog('warning', "$MsgID: Error decoding From: $fromline; error: $@");
        }
        # ... any more processing you wish to do in filter_end
    }

--
Jan-Pieter Cornet <[email protected]>
"Any sufficiently advanced incompetence is indistinguishable from malice."
- Grey's Law
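
A stand-alone way to exercise the same check before wiring it into filter_end, as an added example that is not part of the original post. The helper name classify_header is hypothetical (not a MIMEDefang function) and the sample header values are constructed for the test.

```perl
#!/usr/bin/perl
# Added example: offline harness for the encoded-NUL check; needs only core Encode.
use strict;
use warnings;
use Encode qw(decode);

# classify_header() is a hypothetical helper, not part of MIMEDefang.
# Returns one of: 'missing', 'error', 'nul', 'ok'.
sub classify_header {
    my ($raw) = @_;
    return 'missing' unless defined $raw && length $raw;

    my $decoded;
    my $ok = eval {
        # Depending on the Encode version an unknown charset dies or only
        # warns; silence the warning and treat a die as a decode error.
        local $SIG{__WARN__} = sub { };
        $decoded = decode('MIME-Header', $raw);
        1;
    };
    return 'error' unless $ok && defined $decoded;

    # Matches a NUL that arrived RFC 2047 encoded as well as a raw one.
    return 'nul' if $decoded =~ /\0/;
    return 'ok';
}

# Constructed sample values, one per case the filter has to handle.
my @samples = (
    [ 'plain address',   'Alice <alice@example.com>' ],
    [ 'benign RFC 2047', '=?utf-8?Q?J=C3=BCrgen?= <juergen@example.com>' ],
    [ 'encoded NUL',     '=?utf-8?Q?alice=40example.com=00?= <mallory@example.net>' ],
    [ 'no From header',  undef ],
);

for my $sample (@samples) {
    my ($label, $raw) = @$sample;
    printf "%-16s %s\n", $label, classify_header($raw);
}
```

In a filter, 'nul' maps to the action_bounce branch above and 'error' to the branch where the post says you may choose to reject as well.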

