[Esd-l] problems with version 1.136 (Mangle MIME type to
TEXT/PLAIN, multipart/related inline images)
John D. Hardin
jhardin at impsec.org
Tue Nov 5 20:31:36 PST 2002
On Tue, 5 Nov 2002, Peter van Campen wrote:
> John D. Hardin wrote:
> > Can anybody suggest a MIME type to use here? application/octet-stream
> > runs the risk of triggering OS magic filetype determination and may
> > not effectively prevent execution. text/plain apparently will cause
> > some mailers to do textish things to the file (EOL conversions,
> > maybe? Line wrap?)
>
> Maybe something like application/DEFANGEDoctet-stream ?
A possibility. Would you be willing to change it to that locally and
report results?
> Maybe one could have something like:
> WARNING: Defanged inline image <DEFANGED_IMG
> instead of:
> <DEFANGED_IMG
> which produces no screen-output in some mailclients.
Hmmm. Maybe.
> Another point: it might be wise for performance-reasons to change
> the /etc/procmailrc to:
> # Only use the sanitizer for mails less than 5MB
> :0
> * <5000000
> {
> INCLUDERC=/etc/procmail/html-trap.procmail
> }
> Or is it stupid to think that large viruses do not spread?
I won't dictate that. If you feel it's a good idea you're more than
welcome to use it that way.
The virus or worm itself if typically small, but when they grab a
random file from the infected system to use as "camouflage", there's
no telling how large the message will end up.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
43 days until The Two Towers
More information about the esd-l
mailing list