Bugtraq mailing list archives
RE: Non existing attachments, more info
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Tue, 19 Feb 2002 16:20:25 -0500 (EST)
On Tue, 19 Feb 2002, Grimes, Roger wrote:

> Your second option, although widely implemented by lots of SMTP solutions, could cause more problems than it solves. I believe that if the message isn't RFC-compliant and coded correctly, it should be rejected, period.

You are probably right, but that breaks the "robustness principle": be conservative in what you do, be liberal in what you accept from others (RFC 793, referring to TCP, but a widely-held philosophy in Internet standards.)

I think that reformatting the message as valid MIME is a reasonable compromise, because it should ensure that MUA's interpret the message the same way the scanner did. However, when I have time, I will add the option to my scanner to reject suspicious messages of any type.

Long term, though, the only way around e-mail-borne malware is to stop using susceptible programs like Windows and Outlook. It is this last step that people are reluctant to take.

--
David.
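The two policies discussed in this message (reject a non-compliant message outright, or re-emit it as valid MIME so the MUA sees the same structure the scanner parsed), sketched as an added example that is not part of the original post or of the author's scanner. It assumes Python's standard `email` package as the parser; the sample message, the `handle` and `collect_defects` names and the `strict` switch are constructed for illustration.

```python
from email import message_from_bytes, policy

# Constructed sample: a multipart message whose closing boundary is missing,
# one kind of malformed MIME that lenient and strict parsers can read differently.
MALFORMED = (
    b"From: a@example.com\r\n"
    b"To: b@example.com\r\n"
    b"Subject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n'
    b"\r\n"
    b"--BOUND\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--BOUND\r\n"
    b'Content-Type: application/octet-stream; name="a.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAEC\r\n"
)


def collect_defects(msg):
    """Names of the structural defects the parser recorded on msg and its sub-parts."""
    return [type(d).__name__ for part in msg.walk() for d in part.defects]


def handle(raw, strict=False):
    """Return (verdict, bytes_to_deliver, defects) for one raw message.

    strict=True  -> reject anything the parser flagged (the quoted position).
    strict=False -> re-serialize the scanner's own parse tree, so the
                    delivered bytes are exactly the structure that was scanned.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    defects = collect_defects(msg)
    if not defects:
        return "pass", raw, defects          # well-formed: deliver untouched
    if strict:
        return "reject", None, defects
    # The generator writes every boundary, including the closing one, itself.
    return "normalized", msg.as_bytes(policy=policy.SMTP), defects


if __name__ == "__main__":
    verdict, out, defects = handle(MALFORMED)
    print(verdict, defects)
    print(out.decode("ascii"))
```

Feeding the normalized bytes back through `handle` yields a clean parse, which is the property the reformatting approach relies on.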