Bugtraq mailing list archives
Re: MIME::Tools Perl module and virus scanners
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Fri, 7 Jun 2002 16:38:11 -0400 (EDT)
On Thu, 6 Jun 2002, Kee Hinckley wrote:

> At 9:08 AM -0400 6/4/02, Wietse Venema wrote:
> > The proper approach is to eliminate such ambiguity, by normalizing data, that is, by transforming messages into a form that avoids all the grey areas where implementations err, or where RFCs are ambiguous.
>
> Which is non-trivial, and also runs the risk of taking things that passed a scanner and turning them into something dangerous.

How so? Assuming that (1) the scanner and the MUA agree on what "dangerous" means, and that (2) both the MUA and the scanner agree on the interpretation of the scanner's normalized output, then Venema's suggestion seems safe. While (2) should be achievable except with highly unreasonable MUA's, you have a point that it might be wrong to assume (1).

> I would go the other route with a scanner/interpreter. If the input doesn't match your understanding of the standard--reject it. Actually, I was going to say, "or turn it into plain text", but there again we run into the problem of software which is overly happy to interpret what the remote sender "meant". I really don't think there's any other safe solution.

The safe solution is to use MUA's and operating systems which do not permit executable content in e-mail messages and which do not encode file types in file names. However, every time I bring that up, people say that it's not feasible.

--
David.
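Added example, not part of the original message and not code from MIME::Tools: the "if it doesn't match the standard, reject it" approach from the quoted text, sketched as a gate on top of Python's standard `email` parser. The function name, the particular checks and the sample messages are assumptions constructed for illustration; a production scanner would need a longer list.

```python
from email import message_from_bytes

# Headers that may appear at most once per MIME entity.
SINGLETONS = ("MIME-Version", "Content-Type",
              "Content-Transfer-Encoding", "Content-Disposition")
KNOWN_CTE = {"7bit", "8bit", "binary", "base64", "quoted-printable"}

def reject_reasons(raw: bytes) -> list:
    """Return every reason to refuse the message; an empty list means accept."""
    reasons = []
    for part in message_from_bytes(raw).walk():
        # Structural problems the parser had to recover from (missing or
        # unterminated boundaries, malformed header lines, ...).
        reasons += [type(d).__name__ for d in part.defects]
        # Two copies of a singleton header: scanner and MUA may pick different ones.
        for name in SINGLETONS:
            if len(part.get_all(name, [])) > 1:
                reasons.append("duplicate " + name)
        # A repeated Content-Type parameter has no defined winner either.
        seen = set()
        for key, _ in part.get_params(failobj=[]):
            key = key.lower()
            if key in seen:
                reasons.append("duplicate parameter " + key)
            seen.add(key)
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
        if cte not in KNOWN_CTE:
            reasons.append("unknown transfer encoding " + cte)
    return reasons

# Constructed sample messages (not taken from the thread).
CLEAN = (b"MIME-Version: 1.0\r\n"
         b"Content-Type: multipart/mixed; boundary=\"b1\"\r\n\r\n"
         b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n--b1--\r\n")
TWO_TYPES = (b"MIME-Version: 1.0\r\n"
             b"Content-Type: text/plain\r\n"
             b"Content-Type: application/octet-stream\r\n\r\nhello\r\n")
TWO_BOUNDARIES = (b"MIME-Version: 1.0\r\n"
                  b"Content-Type: multipart/mixed; boundary=\"one\"; boundary=\"two\"\r\n\r\n"
                  b"--two\r\nContent-Type: text/plain\r\n\r\nhello\r\n--two--\r\n")

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN), ("two types", TWO_TYPES),
                       ("two boundaries", TWO_BOUNDARIES)):
        print(label, "->", reject_reasons(raw) or "accept")
```

The gate never repairs or reinterprets anything: any recorded reason means the message is refused, so there is no normalized output for a downstream MUA to read differently.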