testvirus.org

Julian Field mailscanner at ecs.soton.ac.uk
Mon Mar 22 09:44:51 GMT 2004


At 22:58 21/03/2004, you wrote:
>Furnish, Trever G wrote:
>>Is it REALLY "non-compliant" though?  If I'm a message and I say I have
>>attachments and I define a boundary string, but then I don't include the
>>boundary string in the message, all that really means is that I don't have
>>attachments, right?  Is it really something worth worrying about?  I would
>>think if it is, then it's only worth worrying about because of a specific
>>broken behavior in a specific broken MUA.  Not that those should never be
>>blocked, but ... anyone know what client this actually represents a
>>vulnerability for and what the impact is?  I suppose I should stop being
>>lazy and go look it up somewhere... but it's Sunday and I'm lazy. :-)
>
>What I meant was that trying to predict how the spammers are gonna break
>the standard is impossible. Let's reverse it instead, attachments with
>non-matching boundaries can be blocked. Am I wrong when I think that
>would have taken care of the three failed tests?

But you can't tell the difference between ordinary text and a non-matching
boundary.
Say you set the boundary to "hellothere" (perfectly legitimate boundary)
but then put
--thisIsAnotherBoundary
in your message, how do you tell that it's a boundary that is using
different text from the one it said it was going to use? Start banning
every message that has text lines in it starting with "--"? I can't see
that going down too well with your users...

--Jules.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



More information about the MailScanner mailing list