From: Robert Schetterer (robertschetterer.org)
Date: Thu Feb 01 2007 - 13:05:35 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wietse Venema schrieb:
> Robert Schetterer:
>>> Incompatible changes with Postfix 2.3.7
>>> ---------------------------------------
>>>
>>> Postfix no longer inserts an empty-line header/body separator into
>>> malformed MIME attachments, to avoid breaking digital signatures.
>>>
>>> This change introduces ambiguity. Postfix still treats the remainder
>>> of the attachment as body content; header_checks rules will therefore
>>> not detect forbidden MIME types inside a message/rfc822 attachment.
>>>
>>> With the empty-line header/body separator no longer inserted by
>>> Postfix, other software may process the malformed attachment
>>> differently, and thus may become exposed to forbidden MIME types.
>> Hi ll
>> please corect me if iam wrong
>> just a small understanding question
>>
>> changes 20070112
>> "will not" break such rules in body_checks
>>
>> /^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\
>> *"?.*\.(lnk|asd|ocx|reg|bat|c[ho]m|cmd|exe|dll|.....etc
>>
>> should i be aware of other bugs with filters like clamsmtp, spampd etc
>> with this change
>
> As documented they DID NOT work in a MALFORMED attachment and they
> STILL DO NOT work in a MALFORMED attachment.
>
> Wietse
>
> --
> Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
> und ist - aktuelle Virenscanner vorausgesetzt - sauber.
>
Hi Wietse, ok thx to make this clear

--
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

https://www.schetterer.org
Munich/Bavaria/Germany

--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]