[23340] in bugtraq
Re: NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass]
daemon@ATHENA.MIT.EDU (Joe Yandle)
Fri Nov 30 16:45:11 2001
Date: Fri, 30 Nov 2001 01:35:41 -0800
Message-Id: <200111300935.fAU9Zfh14465@devotchka.germtop.com>
Content-Type: text/plain
From: Joe Yandle <jwy@divisionbyzero.com>
To: Jari Helenius <jari.helenius@mawaron.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <3C063D28.7090800@mawaron.com>
MIME-Version: 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>
> It seems that NAI WebShield SMTP for NT can't handle all mime headers
> properly. One example is below. WebShield can't parse this and it does
> not realize that message has attachment. And because it does not realize
> there is attachment it won't check it for viruses or against attachment
> name.
>
> MIME-Version: 1.0
> Content-Type: multipart/related;
> type="multipart/alternative";
> boundary="====_ABC1234567890DEF_===="
>
This is not a bug in NAI WebShield, but rather a bug in any email
client which parses this as a valid MIME message. Read RFC 822,
section 3.1.1, if you don't understand how to correctly fold
email headers. Since the 'boundary' field should be discarded,
this email cannot be parsed for MIME attachments, and thus
logically does not contain the virus.
Instead of complaining about your virus scanner's correct behavior,
you might want to complain to whoever wrote your email client.
This is a perfect example of how necessary it is for standards to be
implemented correctly at all levels ;)
cheers,
- --
Joe Yandle
http://www.divisionbyzero.com/jwy/pubkey.asc
If video games really affected kids, then we'd all be running around in
dark rooms, munching on pills, and listening to electronic music.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8B1LUy8aHBE8tCGcRAixKAJ95liB6idzd9JR+9mgtU667xsb9uwCdGnzX
tDcqAeVbtjiJ3gii9tbXG0E=
=Q3x5
-----END PGP SIGNATURE-----
