testvirus.org

Peter Bonivart peter at UCGBOOK.COM
Sun Mar 21 22:58:44 GMT 2004


Furnish, Trever G wrote:
> Is it REALLY "non-compliant" though?  If I'm a message and I say I have
> attachments and I define a boundary string, but then I don't include the
> boundary string in the message, all that really means is that I don't have
> attachments, right?  Is it really something worth worrying about?  I would
> think if it is, then it's only worth worrying about because of a specific
> broken behavior in a specific broken MUA.  Not that those should never be
> blocked, but ... anyone know what client this actually represents a
> vulnerability for and what the impact is?  I suppose I should stop being
> lazy and go look it up somewhere... but it's Sunday and I'm lazy. :-)

What I meant was that trying to predict how the spammers are gonna break
the standard is impossible. Let's reverse it instead, attachments with
non-matching boundaries can be blocked. Am I wrong when I think that
would have taken care of the three failed tests?

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25



More information about the MailScanner mailing list