MIMEDefang update (was Re: Bypassing SMTP Content Protection )
From: David F. Skoll (dfs@roaringpenguin.com)Date: 09/12/02
- Previous message: Martin Schulze: "[SECURITY] [DSA 165-1] New PostgreSQL packages fix several vulnerabilities"
- In reply to: Aviram Jenik: "Bypassing SMTP Content Protection with a Flick of a Button"
- Next in thread: Menashe Eliezer: "FW: Bypassing SMTP Content Protection with a Flick of a Button"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 Sep 2002 11:11:07 -0400 (EDT) From: "David F. Skoll" <dfs@roaringpenguin.com> To: bugtraq@securityfocus.com
MIMEDefang (http://www.roaringpenguin.com/mimedefang/) is an SMTP
filtering tool which in its default configuration is susceptible
to this attack.
MIMEDefang relies on the MIME::tools Perl parsing module. This module
correctly descends into "message/rfc822" entities and parses parts
inside them, but it does not descend into "message/partial" entities.
Therefore, even the default filename checks will not work with
"message/partial" types. I hope to have a patched version of MIME::tools
soon.
For the next MIMEDefang release, the default filter will be modified to drop
message/partial parts. Current users of MIMEDefang should add the
following code to their filter and filter_multipart routines:
# Block message/partial parts
if (lc($type) eq "message/partial") {
action_quarantine_entire_message();
action_notify_administrator("Message quarantined because of message/partial type");
return action_discard();
}
-- David.
- Previous message: Martin Schulze: "[SECURITY] [DSA 165-1] New PostgreSQL packages fix several vulnerabilities"
- In reply to: Aviram Jenik: "Bypassing SMTP Content Protection with a Flick of a Button"
- Next in thread: Menashe Eliezer: "FW: Bypassing SMTP Content Protection with a Flick of a Button"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
