Bugtraq mailing list archives

Re: NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass


From: Joe Yandle <jwy () divisionbyzero com>
Date: Fri, 30 Nov 2001 01:35:41 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It seems that NAI WebShield SMTP for NT can't handle all MIME headers 
properly. One example is below. WebShield can't parse this and it does 
not realize that the message has an attachment. And because it does not 
realize there is an attachment, it won't check it for viruses or against 
the attachment name.

MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="====_ABC1234567890DEF_===="


This is not a bug in NAI WebShield, but rather a bug in any email
client which parses this as a valid MIME message.  Read RFC 822,
section 3.1.1, if you don't understand how to correctly fold
email headers.  Since the 'boundary' field should be discarded,
this email cannot be parsed for MIME attachments, and thus 
logically does not contain the virus.

Instead of complaining about your virus scanner's correct behavior,
you might want to complain to whoever wrote your email client.
This is a perfect example of how necessary it is for standards to be
implemented correctly at all levels ;)

cheers,
- --
Joe Yandle
http://www.divisionbyzero.com/jwy/pubkey.asc

If video games really affected kids, then we'd all be running around in
dark rooms, munching on pills, and listening to electronic music.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8B1LUy8aHBE8tCGcRAixKAJ95liB6idzd9JR+9mgtU667xsb9uwCdGnzX
tDcqAeVbtjiJ3gii9tbXG0E=
=Q3x5
-----END PGP SIGNATURE-----
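
The disagreement discussed in this message, as an added example (not code from the post or from any product it mentions): a strict RFC 822 section 3.1.1 header parser and a lenient one are run over the quoted header block, and a hypothetical gateway policy, `verdict`, refuses mail whose MIME boundary differs between the two readings. All function names and the policy itself are assumptions made for illustration.

```python
import re

# Constructed sample: the header block quoted in the post, continuation
# lines starting in column 0 exactly as shown there.
SAMPLE = (
    'MIME-Version: 1.0\r\n'
    'Content-Type: multipart/related;\r\n'
    'type="multipart/alternative";\r\n'
    'boundary="====_ABC1234567890DEF_===="\r\n'
    '\r\n'
)

# RFC 822 field-name: printable ASCII except space and ':'.
FIELD = re.compile(r'^([\x21-\x39\x3b-\x7e]+)[ \t]*:(.*)$')

def parse_headers(raw, lenient=False):
    """Return (headers, malformed_lines). Strict mode follows RFC 822 3.1.1:
    only lines starting with SPACE or TAB continue the previous field."""
    headers, malformed, last = {}, [], None
    for line in re.split(r'\r?\n', raw):
        if line == '':
            break                                  # blank line ends the headers
        if line[0] in ' \t' and last:
            headers[last] += ' ' + line.strip()    # properly folded continuation
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1).lower()
            headers[last] = m.group(2).strip()
        else:
            malformed.append(line)                 # neither a field nor a fold
            if lenient and last:                   # what a forgiving client does
                headers[last] += ' ' + line.strip()
    return headers, malformed

def boundary(headers):
    m = re.search(r'boundary="?([^";]+)"?', headers.get('content-type', ''), re.I)
    return m.group(1) if m else None

def verdict(raw):
    """Hypothetical gateway policy: refuse mail that two parsers read differently."""
    strict, bad = parse_headers(raw)
    loose, _ = parse_headers(raw, lenient=True)
    if boundary(strict) != boundary(loose):
        return 'reject: ambiguous MIME structure'
    return 'reject: malformed header' if bad else 'ok'

if __name__ == '__main__':
    print(boundary(parse_headers(SAMPLE)[0]))        # strict reading
    print(boundary(parse_headers(SAMPLE, True)[0]))  # lenient reading
    print(verdict(SAMPLE))
```

With the same block folded correctly (each continuation line starting with a tab), both readings agree and `verdict` returns `ok`.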

