On 9 Apr 2016, at 9:00, Wietse Venema wrote:
Unfortunately, I don't have time to decode this discussion. Can
someone post a tested diff, someone maybe post a revised version,
and when there is agreement, then I can adopt it.
Simplest fix: prevent *that* class of false positives by narrowing the
check to a single attribute, rather than including all attributes in the
header following one which includes 'name' in its name:
- /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
+ /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
As Viktor noted: regular expressions are the wrong toolkit for MIME
parsing. A proper mature MIME parser is available for Postfix in the
MIMEDefang milter, which also is a fine tool for hooking in SpamAssassin
and AV tools.
