Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Non existing attachments, more info
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Tue, 19 Feb 2002 16:20:25 -0500 (EST)

On Tue, 19 Feb 2002, Grimes, Roger wrote:

Your second option, although widely implemented by lots of SMTP solutions,
could cause more problems than it solves.  I believe that if the message
isn't RFC-compliant and coded correctly, it should be rejected, period.

You are probably right, but that breaks the "robustness principle": be
conservative in what you do, be liberal in what you accept from others
(RFC 793, referring to TCP, but a widely-held philosophy in Internet
standards.)

I think that reformatting the message as valid MIME is a reasonable
compromise, because it should ensure that MUA's interpret the message
the same way the scanner did.  However, when I have time, I will add
the option to my scanner to reject suspicious messages of any type.

Long term, though, the only way around e-mail-borne malware is to stop
using susceptible programs like Windows and Outlook.  It is this last
step that people are reluctant to take.

--
David.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]