Could not parse Outlook Rich Text attachment

Mark Sapiro mark at msapiro.net
Tue Oct 15 18:23:17 IST 2013 

On 10/14/2013 02:16 PM, Robert Lopez wrote:
> I am seeing a lot of log lines like these:
> 
> Oct 14 13:37:15 mg08 MailScanner[22850]: Expanding TNEF archive at
> /var/spool/MailScanner/incoming/22850/B30054C0007.A33A0/winmail.dat
> Oct 14 13:37:15 mg08 MailScanner[22850]: Trying to unpack nwinmail.dat
> in message B30054C0007.A33A0, could not create subdirectory
> B30054C0007.A33A0//tnefncr7nY, failed to unpack TNEF message
> Oct 14 13:37:15 mg08 MailScanner[22850]: Corrupt TNEF winmail.dat that
> cannot be analysed in message B30054C0007.A33A0


The 4.84.6-1 MailScanner/TNEF.pm contains the following at line 232

  my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir,
UNLINK => 0);

This doesn't do anything reasonable. It creates a file, not a directory,
and TMPDIR is a boolean, not a path so this causes the file to be
created in the "File::Spec->tmpdir" directory, not $dir.

I'm not sure in what version this was introduced. It's not in
<https://github.com/MailScanner/MailScanner/blob/master/mailscanner/bin/MailScanner/TNEF.pm>

It should probably be something like

  my $unpackdir = tempdir("tnefXXXXXX", DIR => $dir);

but this is untested.


> I have been looking through the source of MailScanner-4.84.5-3 and I do
> not recognize any answers to my questions.
> 
> Can the attachment really be named "nwinmail.dat" or is that first "n" a
> typographical error?


nwinmail.dat is not the attachment name, it is a MailScanner name for
the file where the attachment will be stored for decoding/scanning.


> Any hints on how to find why the directory cannot be created? By the
> time I find log lines and take a look the parent directory is already gone.


Try the above suggested replacement and see if it helps.


> If the winmail.dat file is removed will the email lose information?  If
> not, how is MailScanner told to remove it without trying to scan it?


I don't understand this question. I think what "should" happen with this
message is the winmail.dat is unscanned and the mail with the
winmail.dat is delivered.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list