[25655] in bugtraq
Re: MIME::Tools Perl module and virus scanners
daemon@ATHENA.MIT.EDU (Bennett Todd)
Tue Jun 4 15:48:56 2002
Date: Tue, 4 Jun 2002 09:32:06 -0400
From: Bennett Todd <bet@rahul.net>
To: "David F. Skoll" <dfs@roaringpenguin.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20020604093206.B2500@rahul.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="GRPZ8SYKNexpdSJ7"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0206031603170.25839-100000@shishi.roaringpenguin.com>; from dfs@roaringpenguin.com on Mon, Jun 03, 2002 at 04:19:58PM -0400
--GRPZ8SYKNexpdSJ7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
That's good research, and good work.
And I agree with the conclusion you implied:
> If you use MIMEDefang (which uses MIME::Tools), you may want to
> unconditionally call action_rebuild in filter_begin(). This
> forces the MIME message to be rebuilt by MIME::Tools, resulting in
> a valid MIME message.
That's the only approach that offers promise of settling this class
of problems.
Do MIME::Tools and/or MIMEDefang know about the punctuation marks
that some Windows MUAs silently ignore in filename extensions? How
about charset canonicalization, non-default (incorrect but commonly
accepted) UTF-8 encodings?
-Bennett
--GRPZ8SYKNexpdSJ7
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8/MFVHZWg9mCTffwRAuwkAJ9Oxx6BYcHuZwnN5wzrzFGq3ZifkACgkZea
/iJpnShtS94GP5q5RSz2X4o=
=UsZM
-----END PGP SIGNATURE-----
--GRPZ8SYKNexpdSJ7--
