[Esd-l] SECURITY_STRIP_MSTNEF

Joe Steele joe at madewell.com
Thu Sep 11 13:14:13 PDT 2003


I find that SECURITY_STRIP_MSTNEF=YES does not result in the removal 
of ms-tnef attachments in cases where the MIME headers do not give 
the attachment a name (e.g., winmail.dat).  I presume that the intent 
was to strip ms-tnef attachments regardless of whether they have been 
given a name.

Some example MIME headers for which stripping fails:

> ------_=_NextPart_000_01C3773C.483BEE40
> Content-Type: application/ms-tnef
> Content-Transfer-Encoding: base64
>
> VGhpcyBpcyBub3QgYSByZWFsIG1zLXRuZWYgYXR0YWNobWVudC4KVGhpcyBpcyBub3QgYSBy
> ZWFsIG1zLXRuZWYgYXR0YWNobWVudC4KVGhpcyBpcyBub3QgYSByZWFsIG1zLXRuZWYgYXR0
> YWNobWVudC4KVGhpcyBpcyBub3QgYSByZWFsIG1zLXRuZWYgYXR0YWNobWVudC4KVGhpcyBp
> cyBub3QgYSByZWFsIG1zLXRuZWYgYXR0YWNobWVudC4K
>
> ------_=_NextPart_000_01C3773C.483BEE40--
>

The patch which follows seems to solve the problem, although John 
Hardin should review the whole issue because my fluency in Perl 
stinks :)

--Joe


--- v1.139-orig/html-trap.procmail	Sun Sep  7 13:14:25 2003
+++ v1.139-revised/html-trap.procmail	Thu Sep 11 14:32:30 2003
@@ -1033,7 +1033,7 @@
 		warn " Filename now \"$filen\".\n";	#\
 	      }	#\
 	      if (($mtype) = $hdrtxt =~ /^Content-Type:\s+([a-z0-9-_]+\/[a-z0-9-_]+)/i) {	#\
-	        unless ($mtype =~ /^(multipart|text|message)\//i) {	#\
+	        unless ($mtype =~ /^((multipart|text|message)\/|application\/ms-tnef)/i) {	#\
 		  unless ($hdrtxt =~ /name\s*=\s*"/i) {	#\
 		    $dfrhdr .= "$hdrtxt\n"; $hdrtxt = "";	#\
 		  }	#\



More information about the esd-l mailing list