I am setting up MIMEDefang to scan mail for viruses. It makes perfect
sense to me to skip over the text/plain and text/html parts as I'm not
sure how they could contain viruses. However, I haven't seen or heard of
anyone else doing this.
Anyone else looked into this? Comments?
Resent munged.
Matt Cuttitta wrote:
> I am setting up MIMEDefang to scan mail for viruses. It makes perfect
> sense to me to skip over the text/plain and text/html parts as I'm not
> sure how they could contain viruses.
Of curse they /can/ contain viruses, since the virus program generates
them, and thus can set the Content-type to whatever value. Further more,
there is a high probability that some user agent would execute them.
I'm thinking of a body part like this:
Con tent-Ty pe: text/pla in;
name="test.txt"
Con tent-Tra nsfer-Encoding: base 64
Con tent-Disp osition: atta chment;
filename="text.pif"
The user agent would offer to decode & save the attachment with the file
name text.pif, and a double click from the shell will do the rest.
--
Stelian Ene
Software Test Engineer
Matt Cuttitta wrote:
> I am setting up MIMEDefang to scan mail for viruses. It makes perfect
> sense to me to skip over the text/plain and text/html parts as I'm not
> sure how they could contain viruses.
It's safe to do this if ALL of the following conditions are met:
1) All of your users are running a mythical MUA that has zero bugs.
2) All of your users are running a mythical MUA that handles
arbitrarily-malformed MIME messages in a safe way.
3) All of your users are running a system that doesn't make decisions
based on filename extensions, but only on declared MIME types.
4) None of your users is running Windows.
Hands up anyone whose organization satisfies those conditions.... :-)
Regards,
David.