[31786] in bugtraq


Re: base64

daemon@ATHENA.MIT.EDU (Bennett Todd)
Thu Sep 25 12:58:14 2003

Date: Thu, 25 Sep 2003 11:30:09 -0400
From: Bennett Todd <bet@rahul.net>
To: MightyE <trash@mightye.org>
Cc: Lawrence MacIntyre <lpz@ornl.gov>, bugtraq@securityfocus.com
Message-ID: <20030925153009.GA5716@rahul.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="6TrnltStXW4iwmi0"
Content-Disposition: inline
In-Reply-To: <3F72E872.7000007@mightye.org>

--6TrnltStXW4iwmi0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

2003-09-25T09:06:58 MightyE:
> There are two methods which you can use in the writing of your
> email virus scanner; you can either decode it every known way that
> any client does so, [...] Alternatively you can accept it only if
> it is properly encoded, [...]

There's a third method, which I think is rather better than either
of those.

You can re-code everything into a canonical form. Some email clients
drop some punctuation characters in filenames? Delete all such
characters from filenames. Different tools handle various i18n
encoded filenames differently? Map to US-ASCII. Enforce length
limits. Recode base64. Recode uuencoded chunks. Regularize
non-standard MIME.

Do all this canonicalization before the message hits your
attachment type policy enforcement and malware scanner, so they only
have to deal with the common forms that everybody handles the same.

-Bennett

--6TrnltStXW4iwmi0
Content-Type: application/pgp-signature
Content-Disposition: inline


--6TrnltStXW4iwmi0--
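
The canonicalization pass described in the message above, as an added Python sketch that is not part of the original post: it maps attachment names to US-ASCII, deletes punctuation, enforces length limits, and re-emits sloppy base64 in strict form before any policy check or scanner sees the message. The function names, the length limits, the allowed filename characters and the rule for reading malformed base64 (ignore non-alphabet characters, stop at the first `=`) are assumptions chosen for the example.

```python
import base64, email, re, unicodedata
from email.utils import collapse_rfc2231_value

MAX_STEM, MAX_EXT = 64, 8                      # assumed length limits
NOT_B64 = re.compile(r'[^A-Za-z0-9+/]')
NAME_PARAMS = (('Content-Disposition', 'filename'), ('Content-Type', 'name'))

def canonical_filename(name):
    # Map to US-ASCII, delete punctuation outside [._-], enforce length limits.
    name = unicodedata.normalize('NFKD', name).encode('ascii', 'ignore').decode()
    name = re.sub(r'[^A-Za-z0-9._-]', '', name).strip('.')
    stem, dot, ext = name.rpartition('.')
    stem, ext = (stem, ext) if dot else (ext, '')   # name without an extension
    return (stem[:MAX_STEM] + dot + ext[:MAX_EXT]) or 'attachment'

def recode_base64(text):
    # Choose ONE reading of sloppy base64; return (bytes, strict re-encoding).
    body = NOT_B64.sub('', text.split('=', 1)[0])   # data ends at first '='
    if len(body) % 4 == 1:                          # lone sextet holds no byte
        body = body[:-1]
    data = base64.b64decode(body + '=' * (-len(body) % 4))
    return data, base64.encodebytes(data).decode('ascii')

def canonicalize(raw):
    # Rewrite every part so downstream tools all see the same names and bytes.
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        for header, param in NAME_PARAMS:
            value = part.get_param(param, header=header)
            if value:
                safe = canonical_filename(collapse_rfc2231_value(value))
                part.set_param(param, safe, header=header)
        if part.get('Content-Transfer-Encoding', '').strip().lower() == 'base64':
            part.set_payload(recode_base64(part.get_payload())[1])
            part.replace_header('Content-Transfer-Encoding', 'base64')
    return msg

# Constructed sample: RFC 2231 encoded name, stray characters in the base64 body.
SAMPLE = b"""Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=utf-8''r%C3%A9sum%C3%A9%3B.pdf.exe
Content-Transfer-Encoding: BASE64

TV qQ!AAM
AAA
--b--
"""
```

Truncation is applied to the stem and the extension separately so that an over-long name cannot push the final extension past the limit and out of view of the attachment type policy.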
