MailScanner interprets header-like lines in a text/plain body as actual headers

Mark Sapiro mark at msapiro.net
Sun May 15 18:25:14 IST 2011 

A single part text/plain message containing the following body (unquoted)

> Some text followed by
> 
> Content-Type: text/plain;
>  name="test.exe"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: attachment;
>  filename="test.exe"
> 
> followed by more text

is treated by MailScanner as containing an attachment named 'test.exe'.

MailScanner reports

May 15 10:13:24 sbh16 MailScanner[24185]: Filename Checks: Windows/DOS
Executable (C9B9F6900B1.A3C91 )
May 15 10:13:24 sbh16 MailScanner[24185]: Saved entire message to
/var/spool/MailScanner/quarantine/20110515/C9B9F6900B1.A3C91

MailScanner -v
Running on
Linux sbh16.songbird.com 2.6.18-8.1.14.el5 #1 SMP Thu Sep 27 18:58:54
EDT 2007 i
686 i686 i386 GNU/Linux
This is CentOS release 5 (Final)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.83.5
Module versions are:
1.00    AnyDBM_File
1.30    Archive::Zip
0.23    bignum
1.04    Carp
1.41    Compress::Zlib
1.119   Convert::BinHex
0.17    Convert::TNEF
2.121_08        Data::Dumper
2.27    Date::Parse
1.00    DirHandle
1.05    Fcntl
2.74    File::Basename
2.09    File::Copy
2.01    FileHandle
1.08    File::Path
0.20    File::Temp
0.90    Filesys::Df
3.64    HTML::Entities
3.64    HTML::Parser
3.57    HTML::TokeParser
1.23    IO
1.14    IO::File
1.13    IO::Pipe
2.04    Mail::Header
1.89    Math::BigInt
0.22    Math::BigRat
3.05    MIME::Base64
5.427   MIME::Decoder
5.427   MIME::Decoder::UU
5.427   MIME::Head
5.427   MIME::Parser
3.03    MIME::QuotedPrint
5.427   MIME::Tools
0.13    Net::CIDR
1.25    Net::IP
0.16    OLE::Storage_Lite
1.04    Pod::Escapes
3.05    Pod::Simple
1.09    POSIX
1.19    Scalar::Util
1.78    Socket
2.16    Storable
1.4     Sys::Hostname::Long
0.27    Sys::Syslog
1.26    Test::Pod
0.86    Test::Simple
1.68    Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.30    Archive::Tar
0.23    bignum
1.82    Business::ISBN
1.10    Business::ISBN::Data
1.08    Data::Dump
1.814   DB_File
1.25    DBD::SQLite
1.607   DBI
1.10    Digest
1.01    Digest::HMAC
2.36    Digest::MD5
2.11    Digest::SHA1
1.00    Encode::Detect
0.17008 Error
0.18    ExtUtils::CBuilder
2.18    ExtUtils::ParseXS
2.38    Getopt::Long
0.44    Inline
1.08    IO::String
1.04    IO::Zlib
2.21    IP::Country
0.29    Mail::ClamAV
3.003001        Mail::SpamAssassin
v2.004  Mail::SPF
1.999001        Mail::SPF::Query
0.2808  Module::Build
0.20    Net::CIDR::Lite
0.65    Net::DNS
0.002.2 Net::DNS::Resolver::Programmable
missing Net::LDAP
 4.004  NetAddr::IP
1.94    Parse::RecDescent
missing SAVI
2.64    Test::Harness
0.95    Test::Manifest
1.98    Text::Balanced
1.35    URI
0.7203  version
0.62    YAML

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list