On Tue, Oct 19, 2004 at 10:34:30AM +0200, Torsten Kurbad wrote:
> The FAQ to qmail-scanner is a bit misleading here, since it
> implies that all header lines containing a \r (also at the EOL)
> won't pass the filter.
That's a bit unfair. The reality is that the FAQ would have to quote a fair
chunk from the appropriate RFCs to be more explicit.
What it says is correct: "Qmail-Scanner blocks any MIME e-mail message that
contains either NULL characters ("\0") or CR chars ("\r") in the headers"
The fact that in the SMTP transaction, all lines end in "\r\n" is irrelevent
- Q-S doesn't "deal" in SMTP transactions - it sees what got written to
disk. There the lines all end in "\n" only.
Again, it also says "MIME" - if you have lone "\r" or "\0" chars in a
non-MIME message, Q-S won't care either - as the whole reason it's doing the
checks is in order to deal correctly with MIME attachments.
> full of questions regarding the "Disallowed MIME characters". Doing so
> would for sure clarify a lot, at least for people who can (and are
> willing to) read ;-)
The problem is that a lot of people have written SMTP clients - and most of
them are ignorant about the nasty habits of virus writers. It's not really
their fault - it's not an issue they thought they were impacting on.
In fact, just last week we had a mail message from Microsoft that was
blocked by Qmail (not Qmail-Scanner!) for having raw LF - looking at the
message shows that someone hand-wrote it (probably in NotePad) and then they
bunged it into some naive SMTP client - which didn't tidy it up (i.e. strip
out/replace those LFs). So it even happens to the Big Boys.
The problem with the "policy blocks" in Q-S is that they *by definition*
block things that "aren't correct" in an attempt to proactively block new
and innovative viruses before the assosiated AV subsystems are updated to
catch them. Unfortunately, there are a lot of things that aren't correct :-(
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
