Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: MIME::Tools Perl module and virus scanners
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Fri, 7 Jun 2002 16:38:11 -0400 (EDT)

On Thu, 6 Jun 2002, Kee Hinckley wrote:

At 9:08 AM -0400 6/4/02, Wietse Venema wrote:
The proper approach is to eliminate such ambiguity, by normalizing
data, that is, by transforming messages into a form that avoids
all the grey areas where implementations err, or where RFCs are
ambiguous.

Which is non-trivial, and also runs the risk of taking things that
passed a scanner and turning them into something dangerous.

How so?  Assuming that (1) the scanner and the MUA agree on what
"dangerous" means, and that (2) both the MUA and the scanner agree on
the interpretation of the scanner's normalized output, then Venema's
suggestion seems safe.

While (2) should be achievable except with highly unreasonable MUA's,
you have a point that it might be wrong to assume (1).

I would go the other route with a scanner/interpreter.  If the input
doesn't match your understand of the standard--reject it.  Actually,
I was going to say, "or turn it into plain text", but there again we
run into the problem of software which is overly happy to interpret
what the remote sender "meant".  I really don't think there's any
other safe solution.

The safe solution is to use MUA's and operating systems which do not
permit executable content in e-mail messages and which do not encode
file types in file names.  However, every time I bring that up, people
say that it's not feasible.

--
David.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]