V4: 4.00.0a11-1 not including Inline Warning (new tests)
Julian Field
mailscanner at ecs.soton.ac.uk
Fri Oct 11 00:37:21 IST 2002
Dustin,
Many thanks for sending me your test file. I have run it through the 4a12
code and it is actually doing the only thing it can do, which I had written
you a great long explanation of.
However, after I explained it all, I realised what I needed to do.
4a13 looks at the structure of the message it is signing. After all the
dangerous stuff has been replaced with VirusWarning.txt attachments, and
the MIME structure has been re-arranged so you actually get to see them
all, it takes another look at the message structure. If there is now no
inline message body left at all (as is the case with Bugbear messages),
then it hasn't got anything in which to put the inline warning. So it adds
another MIME section at the top of the list just so that it can put the
inline warning in it.
At 20:39 10/10/2002, you wrote:
>Julian Field wrote:
> >
> > I have just tested this with a hand-crafted message containing this:
> > <html>
> > This is <iframe tag><b>HTML</b>.</html>
> > in an HTML multipart/alternative message.
> >
> > The "Allow IFrame tags" switch did exactly what I intended. If it was set
> > to allow them, the message got through untouched (but Eudora was nice
> > enough to rip out the <iframe tag> before displaying it. If it was set to
> > stop them, I got the inline warning and the VirusWarning.txt attachment as
> > I expected.
> >
> > Hmmm....
>
>No problem with that.
>
>What are your results if you Allow IFrame Tags = no and then send a
>message that includes an <IFRAME> pointing to an attached Bugbear
>infected file? This is where I am running into not having the Inline
>Warning (The 'e' in 'iframe' removed in the following example):
>
><ifram src=3Dcid:nHBT78M2Le7jM height=3D0 width=3D0></ifram>
>...
>Content-Type: audio/x-midi;
> name=hosting.ppt.exe
>Content-Transfer-Encoding: base64
>Content-ID: <nHBT78M2Le7jM>
>(INFECTED ATTACHMENT)
>
>
>
>Dustin
>
>--
>Dustin Baer
>Unix Administrator/Postmaster
>Information Handling Services
>15 Inverness Way East
>Englewood, CO 80112
>303-397-2836
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner
mailing list