[Esd-l] SECURITY_STRIP_MSTNEF
Joe Steele
joe at madewell.com
Thu Sep 11 13:14:13 PDT 2003
I find that SECURITY_STRIP_MSTNEF=YES does not result in the removal
of ms-tnef attachments in cases where the MIME headers do not give
the attachment a name (e.g., winmail.dat). I presume that the intent
was to strip ms-tnef attachments regardless of whether they have been
given a name.
Some example MIME headers for which stripping fails:
> ------_=_NextPart_000_01C3773C.483BEE40
> Content-Type: application/ms-tnef
> Content-Transfer-Encoding: base64
>
> VGhpcyBpcyBub3QgYSByZWFsIG1zLXRuZWYgYXR0YWNobWVudC4KVGhpcyBpcyBub3QgYSBy
> ZWFsIG1zLXRuZWYgYXR0YWNobWVudC4KVGhpcyBpcyBub3QgYSByZWFsIG1zLXRuZWYgYXR0
> YWNobWVudC4KVGhpcyBpcyBub3QgYSByZWFsIG1zLXRuZWYgYXR0YWNobWVudC4KVGhpcyBp
> cyBub3QgYSByZWFsIG1zLXRuZWYgYXR0YWNobWVudC4K
>
> ------_=_NextPart_000_01C3773C.483BEE40--
>
The patch which follows seems to solve the problem, although John
Hardin should review the whole issue because my fluency in Perl
stinks :)
--Joe
--- v1.139-orig/html-trap.procmail Sun Sep 7 13:14:25 2003
+++ v1.139-revised/html-trap.procmail Thu Sep 11 14:32:30 2003
@@ -1033,7 +1033,7 @@
warn " Filename now \"$filen\".\n"; #\
} #\
if (($mtype) = $hdrtxt =~ /^Content-Type:\s+([a-z0-9-_]+\/[a-z0-9-_]+)/i) { #\
- unless ($mtype =~ /^(multipart|text|message)\//i) { #\
+ unless ($mtype =~ /^((multipart|text|message)\/|application\/ms-tnef)/i) { #\
unless ($hdrtxt =~ /name\s*=\s*"/i) { #\
$dfrhdr .= "$hdrtxt\n"; $hdrtxt = ""; #\
} #\
More information about the esd-l
mailing list