Bill Cole:
> On 9 Apr 2016, at 9:00, Wietse Venema wrote:
>
> > Unfortunately, I don't have time to decode this discussion. Can
> > someone post a tested diff, someone maybe post a revised version,
> > and when there is agreement, then I can adopt it.
> >
> Simplest fix: prevent *that* class of false positives by narrowing the
> check to a single attribute, rather than including all attributes in the
> header following one which includes 'name' in its name:
>
> - /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
> + /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
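
Review bot: In the `+` line, `[^;]*` stops at the first semicolon whether or not the value is quoted, because `"?` only makes the opening quote optional and does not track it; a quoted name that contains `;` ahead of its extension is therefore no longer covered by this rule. If that case matters, match quoted and unquoted values as separate alternatives, and add a comment above the pattern saying the check is deliberately limited to the one attribute. The leading `.*name` is unchanged, so the rule still applies to any attribute whose name ends in `name`.
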
Thanks, got it.

> As Viktor noted: regular expressions are the wrong toolkit for MIME
> parsing. A proper mature MIME parser is available for Postfix in the
> MIMEDefang milter, which also is a fine tool for hooking in SpamAssassin
> and AV tools.

Absolutely. But this class of false positives is easy to remove.

	Wietse
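
The effect of the narrowing discussed above, as an added example that is not part of the original messages: it runs the old and new patterns over constructed headers and reports which rejections disappear. The patterns are cut off on the page, so the extension list and terminator (`ASSUMED_TAIL`) and the sample headers are assumptions made for illustration.

```python
import re

# Prefixes exactly as shown in the quoted diff ("-" line, then "+" line).
OLD_PREFIX = r'^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)('
NEW_PREFIX = r'^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)('

# Assumption: the page cuts both patterns off after "(\.|=2E)(", so this
# extension list and terminator are constructed for illustration only.
ASSUMED_TAIL = r'exe|bat|scr))"?\s*(;|$)'

# Postfix regexp/pcre tables match case-insensitively by default.
OLD = re.compile(OLD_PREFIX + ASSUMED_TAIL, re.IGNORECASE)
NEW = re.compile(NEW_PREFIX + ASSUMED_TAIL, re.IGNORECASE)

# Constructed sample headers, already unfolded to one logical line each.
SAMPLES = [
    'Content-Disposition: attachment; filename="setup.exe"',
    'Content-Type: application/octet-stream; NAME=RUN.BAT; charset=us-ascii',
    'Content-Type: application/pdf; name="report.pdf"; x-origin=scanner.exe',
    'Content-Type: text/plain; name="notes.txt"',
]


def compare(headers):
    """Return (header, old_hit, new_hit) for each header line."""
    return [(h, bool(OLD.search(h)), bool(NEW.search(h))) for h in headers]


def removed_false_positives(headers):
    """Headers the old pattern rejected that the narrowed one lets through."""
    return [h for h, old, new in compare(headers) if old and not new]


if __name__ == "__main__":
    for header, old_hit, new_hit in compare(SAMPLES):
        print(f"old={old_hit!s:5} new={new_hit!s:5} {header}")
```

The third sample is the false-positive class from the thread: the name attribute is `report.pdf`, but the old `.*` runs on into a later attribute whose value ends in a listed extension.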