Bugtraq mailing list archives
Re: base64
From: Christian Vogel <chris () obelix hedonism cx>
Date: Wed, 24 Sep 2003 09:09:43 +0200
Hi, On Tue, Sep 23, 2003 at 07:50:56PM +0300, Alexander Ogol wrote:
decision in all situations. Some mailing lists (debian-russian, for example) add some 7bit information after letter body while re-forwarding, regardless of was the letter base64/QP encoded or not, resulting of such malformed
Then this software is severly broken (MIME-wise), imho, and needs to be updated/changed/dumed.
So I think that the right solution (before antivirus software would be rewritten) is to write filters by yourself - decode base64 as that do popular mail clients and give them to antivirus.
With this approach, you are always on the "one step behind" side of the problem. It's only a matter of time that someone finds out that (made up example:) you can use a UTF8-mis-encoded "=" in Microsoft's base64-decoder... The only sane way is to check if it's in the standard-form ("abcABC=") and reject or convert if it's not. 99.99% of all software should create the standard form, so please let the tiny fraction of users with broken software suffer when their mails get rejected. (Note: this of course applies not only to Base64 but to all aspects of header-parsing, file-format guessing etc...) Chris -- 01234567 <- The amazing* indent-o-meter! ^ (*: Indent-o-meter may not actually amaze.) -- stolen from Nick Moffitt nick(at)zork.net
Current thread:
- base64 Ilya Teterin (Sep 22)
- Re: base64 Bennett Todd (Sep 22)
- Re: base64 Erwan David (Sep 23)
- Re: base64 Birl (Sep 23)
- Re: base64 Lothar Kimmeringer (Sep 24)
- Re: base64 David Wilson (Sep 24)
- Re: base64 Earl Hood (Sep 25)
- Re: base64 Christian Vogel (Sep 25)
- Re: base64 Seth Breidbart (Sep 24)
- Re: base64 Lothar Kimmeringer (Sep 24)
- Re: base64 Alexander Ogol (Sep 23)
- Re: base64 Christian Vogel (Sep 24)
- Re: base64 David Wilson (Sep 24)
- Re: base64 der Mouse (Sep 24)
- Re: base64 Christian Vogel (Sep 24)
- Re: base64 Earl Hood (Sep 26)
- <Possible follow-ups>
- RE: base64 latte (Sep 23)
- Re: base64 Ilya Teterin (Sep 23)
- Re: base64 MightyE (Sep 24)
- Re: base64 Buck Huppmann (Sep 24)
- Re: base64 Andrew Church (Sep 25)
- Message not available
- Re: base64 MightyE (Sep 25)
- Re: base64 Bennett Todd (Sep 25)
- Re: base64 Buck Huppmann (Sep 24)