[Esd-l] Re: procmail sanitizer and 8-bit attachments.
John D. Hardin
jhardin at impsec.org
Tue Jun 24 20:58:43 PDT 2003
On Tue, 24 Jun 2003, Joe Steele wrote:

> Unfortunately, it needs to be pretty broad. I tested the following
> header with older and newer versions of MS Outlook/OE (note the
> absence of quotations

The sanitizer cleans up missing quotes.

> , the addition of text before the '=?'

Oops. See below.

> , and the use of a non-"iso" char. set):
>
> Content-Type: application/octet-stream;
>         name=test=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?=
>
> The result was that Outlook interprets the header to read:
>
> Content-Type: application/octet-stream;
>         name="testMovie_0074.mpeg.bat"
>
> > * ^Content-(Type|Disposition):.*name="=\?[^?"]+\?[BQ]\?
> >
> > ..is as general as I'd dare get.
>
> To deal with the missing quotes and the added text, it probably needs
> to be (at the risk of again being too broad):
>
> * ^Content-(Type|Disposition):.*name=.*=\?[^?]+\?[BQ]\?

How about:

* ^Content-(Type|Disposition):.*name *= *"?[^"=]*=\?[^?"]+\?[BQ]\?

The "? would be a plain " if the rule appeared after sanitizing, in a
non-"local rule" context.

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The fetters imposed on liberty at home have ever been forged out
of the weapons provided for defense against real, pretended, or
imaginary dangers from abroad.
-- James Madison, 1799
-----------------------------------------------------------------------
497 days until the Presidential Election
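
The three conditions discussed in this message, compared side by side as an added example (not part of the original post, and not code from the sanitizer). Python's `re` stands in for procmail's egrep-style matcher, which is an approximation; the `BENIGN` header, the rule labels and the function names are constructed for illustration, and `lenient_name` only models the Outlook reading reported in the thread.

```python
import base64
import quopri
import re

# Header quoted in the thread, folded onto two lines.
SAMPLE = ("Content-Type: application/octet-stream;\n"
          "\tname=test=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?=")
# Constructed benign header: the encoded word sits in a different parameter.
BENIGN = ('Content-Type: text/plain; name=notes.txt;\n'
          '\tx-comment="=?iso-8859-1?Q?ok?="')

# The three conditions from the thread, with the leading "* " dropped.
RULES = {
    "quoted_only": r'^Content-(Type|Disposition):.*name="=\?[^?"]+\?[BQ]\?',
    "broad": r'^Content-(Type|Disposition):.*name=.*=\?[^?]+\?[BQ]\?',
    "bounded":
        r'^Content-(Type|Disposition):.*name *= *"?[^"=]*=\?[^?"]+\?[BQ]\?',
}
ENCODED_WORD = re.compile(r"=\?([^?]+)\?([BQ])\?([^?]*)\?=", re.I)


def unfold(header):
    """Join continuation lines so the whole header is matched as one line."""
    return re.sub(r"\r?\n[ \t]+", " ", header)


def matches(rule, header):
    """True if the named condition fires on the (unfolded) header."""
    return re.search(RULES[rule], unfold(header), re.I | re.M) is not None


def _decode(m):
    charset, enc, text = m.group(1), m.group(2).upper(), m.group(3)
    if enc == "B":
        raw = base64.b64decode(text)
    else:
        raw = quopri.decodestring(text.encode(), header=True)
    return raw.decode(charset, errors="replace")


def lenient_name(header):
    """Decode encoded words anywhere in name=, quoted or not (assumed model)."""
    m = re.search(r'name *= *"?([^";]*)', unfold(header), re.I)
    return ENCODED_WORD.sub(_decode, m.group(1)) if m else None


if __name__ == "__main__":
    for label, hdr in (("SAMPLE", SAMPLE), ("BENIGN", BENIGN)):
        print(label, {r: matches(r, hdr) for r in RULES}, lenient_name(hdr))
```

The bounded form fires on the thread's header but not on the constructed benign one, because `[^"=]*` cannot run past the next `=` or `"` into a later parameter.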