We are developing an ecommerce web site but we are having problems with the e-mail associated with the buying experience. The e-mail message contains a text part and a base64 part. Declude is catching the messages as a vulnerability.
20.2 Conflicting Encoding Vulnerability: This vulnerability occurs when the headers of an E-mail claim that two or more different encoding types are used. A MIME segment can only be encoded in one way, so if there are more than one encoding types listed, it is possible that the mail server virus scanner and the mail client will use different decoding methods on the E-mail. If this happens, a virus could bypass virus scanning on the mail server. I've been thrown into this project at this late date and was wondering if anyone could provide some help in solving this problem. I see the two encodings, but I don't know how to solve the problem. Here are part of the headers - Subject: Download New Song From: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] MIME-Version: 1.0 X-Mailer: PHP/4.3.8 Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: BASE64 Thanks, Greg --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
