On Mon, May 10, 2004 at 10:50:57AM -0300, Carlos Diego Russo Medeiros wrote: > I've noticed that some mime attachments are passing through the > qmail-scanner.. >
Yup - it's the old encoding issue. I'd like someone who knows more about how non-english language installs of Windows operates to help out on this one. I mean, "*.doc" is linked to Word on English installs - does that work on Chinese? Does some Chinese version of "*.doc" exist that should be treated in the same way? What about base64-encoded filenames instead of quoted-printable? You can see this problem becomes big really fast. It's a cow of a thing. Originally MIME was designed that the filenames mean nothing - the Content-Type fully describes how the MUA should handle the message. The security implications of ignoring that requirement were spelt out in the original RFCs - written over 10-15 years ago. Microsoft IGNORED them. They wanted to keep their extension paradigm - and they (well, we) pay the price for that mistake now. Q-S should be able to ignore filenames. The quarantine-attachments.txt file should take Content-Type values instead of filenames as how to block attachments. But there's no point due to a STUPID design decision originally made by Microsoft WHEN ALL THE LITERATURE TOLD THEM NOT TO DO IT. Grr... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
