Hello, lately I found and reported that message_contains_virus() runs the virus scanner on an empty directory. I collected some mails, in which cases this occurs:
mimedefang.pl -structure <ENTIRE_MESSAGE non-leaf: type=multipart/alternative; fname=; disp=inline The actual contents looks like so ENTIRE_MESSAGE: ===START Recieved: [snip] From: " Arroyo" <[EMAIL PROTECTED]> To: <<some real reciepients>> Subject: Boost Your Car's Gas Mileage 27%+, livingston magnesium disposal yeats Mime-Version: 1.0 X-Mailer: adjacent illegitimacy Date: Wed, 18 Feb 2004 00:26:21 -0500 Reply-To: " Arroyo" <[EMAIL PROTECTED]> Content-Type: multipart/alternative; boundary="" Message-Id: <[EMAIL PROTECTED]> -- Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit [snip: gibberish] -- Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit [snip: contents] ---- ==END The same applies to this [snipped non-MIME stuff]: ===START Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--ALT--SJFV45206236694260 Message-Id: <[EMAIL PROTECTED]> ----ALT--SJFV45206236694260 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit [snip: gibberish] ----ALT--SJFV45206236694260 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit [snip: contents] ----ALT--SJFV45206236694260 -- ===END The second message was resent/forwarded by some FreeMail hoster, maybe this one destroyed the MIME stuff. The problem is the "unusal" MIME boundary, e.g. if I add the missing closing quote of the second message, mimedefang.pl -structure correctly returns: non-leaf: type=multipart/alternative; fname=; disp=inline leaf: type=text/plain; fname=; disp=inline leaf: type=text/plain; fname=; disp=inline leaf: type=text/plain; fname=; disp=inline However: my concernings are as following: a) The first message containing an empty MIME boundary is splitted apart by Pine v4.58 (and I guess other MUAs, too). That means that no attachment is scanned for viruses by MIMEDefang, but is happily accessable by the MUA. b) The second message may not contain such a thread, because the MIME type is to default to text/plain (because of the preceeding empty line), but what about stupid MUAs? At least many MUAs do attempt HTML display on text/plain. === The behaviour is equal regardless of using the patched MIME::Tools or the development version: MIME::Tools : Version 6.110 MIME::Words : Version 6.107 patched MIME::Tools: MIME::Tools : Version 5.411 MIME::Words : Version 5.404 This makes three weaknesses in the MIME::Tools so far. Bye, -- Steffen Kaiser _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang