EMERGENCY: MyParty

Nick Phillips nwp at LEMON-COMPUTING.COM
Tue Jan 29 10:29:59 GMT 2002


On Mon, Jan 28, 2002 at 02:47:16PM -0600, Michael Chaney wrote:

> > >It seems to me that it would make sense to pass the message body into
> > >"DefinitelyClean" and simply check for a uuencoded file, which would be
> > >a simple regex and would surely be quicker than scanning all files.  The
> > >logic would be:
> > >
> > >if mime header return 0;
> > >if uuencoded file in body return 0;
> > >return 1;

> > Can we guarantee that this only works with uuencoded files, and doesn't
> > work with other encodings in some mail clients as well?
>
> I'm very familiar with various ways to package files.  uuencoding has
> been around forever, and MIME is a recent innovation.  Since MIME is
> completely general purpose, there is, at this time, no need for any
> other format.  You'll know if/when the unlikely event occurs that
> another format is used, and can plan for it.

OK, well scanning everything is *definitely* safest. A quick scan for uuencoded
data is all very well, but uuencoded data is not the only thing that you might
find that an email client could conceivably identify and decode: any Mac users
will be familiar with BinHex, for example, which is kind of a Mac equivalent
to uuencoding. I would expect a Mac-based mail client to find and decode that.
Fortunately it's also easy to identify.

Straight Base64 would almost certainly also be picked up by mail clients.

I'm sure there are more.


I guess the real question is "what do the AV scanners understand?" 'cos if
they don't understand it then it doesn't matter whether we pass it off to them
or not...

OK, how many types of archive for passing binary data in email can you think
of?


Answers on a postcard....

--
Nick Phillips -- nwp at lemon-computing.com
Do not overtax your powers.



More information about the MailScanner mailing list