[24335] in bugtraq
RE: Non existing attachments, more info
daemon@ATHENA.MIT.EDU (David F. Skoll)
Wed Feb 20 12:16:50 2002
Date: Tue, 19 Feb 2002 16:20:25 -0500 (EST)
From: "David F. Skoll" <dfs@roaringpenguin.com>
To: "Grimes, Roger" <RogerG@GoldKeyresorts.com>
Cc: Valentijn Sessink <valentyn+bugtraq@nospam.openoffice.nl>,
<bugtraq@securityfocus.com>
In-Reply-To: <B7C0314C9765D511BEB200E018C4638E4FCD82@mail.phr.com>
Message-ID: <Pine.LNX.4.44.0202191616280.9122-100000@shishi.roaringpenguin.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 19 Feb 2002, Grimes, Roger wrote:
> Your second option, although widely implemented by lots of SMTP solutions,
> could cause more problems than it solves. I believe that if the message
> isn't RFC-compliant and coded correctly, it should be rejected, period.
You are probably right, but that breaks the "robustness principle": be
conservative in what you do, be liberal in what you accept from others
(RFC 793, referring to TCP, but a widely-held philosophy in Internet
standards.)
I think that reformatting the message as valid MIME is a reasonable
compromise, because it should ensure that MUA's interpret the message
the same way the scanner did. However, when I have time, I will add
the option to my scanner to reject suspicious messages of any type.
Long term, though, the only way around e-mail-borne malware is to stop
using susceptible programs like Windows and Outlook. It is this last
step that people are reluctant to take.
--
David.
