testvirus.org
Peter Bonivart
peter at UCGBOOK.COM
Sun Mar 21 22:58:44 GMT 2004
Furnish, Trever G wrote:
> Is it REALLY "non-compliant" though? If I'm a message and I say I have
> attachments and I define a boundary string, but then I don't include the
> boundary string in the message, all that really means is that I don't have
> attachments, right? Is it really something worth worrying about? I would
> think if it is, then it's only worth worrying about because of a specific
> broken behavior in a specific broken MUA. Not that those should never be
> blocked, but ... anyone know what client this actually represents a
> vulnerability for and what the impact is? I suppose I should stop being
> lazy and go look it up somewhere... but it's Sunday and I'm lazy. :-)
What I meant was that trying to predict how the spammers are gonna break
the standard is impossible. Let's reverse it instead, attachments with
non-matching boundaries can be blocked. Am I wrong when I think that
would have taken care of the three failed tests?
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25
More information about the MailScanner
mailing list