On Tue, Sep 23, 2003 at 07:50:56PM +0300, Alexander Ogol wrote:
decision in all situations. Some mailing lists (debian-russian, for example)
add some 7bit information after letter body while re-forwarding, regardless
of was the letter base64/QP encoded or not, resulting of such malformed
Then this software is severly broken (MIME-wise), imho, and needs to be
So I think that the right solution (before antivirus software would be
rewritten) is to write filters by yourself - decode base64 as that do
popular mail clients and give them to antivirus.
With this approach, you are always on the "one step behind" side of
the problem. It's only a matter of time that someone finds out that
(made up example:) you can use a UTF8-mis-encoded "=" in Microsoft's
base64-decoder... The only sane way is to check if it's in the
standard-form ("abcABC=") and reject or convert if it's not.
99.99% of all software should create the standard form, so please
let the tiny fraction of users with broken software suffer
when their mails get rejected.
(Note: this of course applies not only to Base64 but to all aspects
of header-parsing, file-format guessing etc...)