Re: determine encryption?

From: Karl Levinson [x y], mvp (levinson_k@despammed.com)
Date: 04/06/03 

From: "Karl Levinson [x y], mvp" <levinson_k@despammed.com>
Date: Sun, 6 Apr 2003 15:54:26 -0400

As far as I can tell, that isn't exactly an encrypted email... what you're
seeing is the normal way that SMTP internet email handles attachments. SMTP
internet email doesn't really support attachments per se, so attachments
have to be encoded / converted [different from being encrypted] so that they
can be inserted as ASCII characters into the body of the email.

What you're seeing is that your email reader failed to decode the email
attachment correctly. In some cases this could be caused by a worm [or in
much rarer cases a malicious attacker] purposely using a broken or
non-standard MIME header to exploit some flaw in common email readers to try
to get your email reader to automatically execute some code. For example,
some worm emails will automatically launch Windows Media Player, which might
cause a delay or a freeze on your computer, depending. Looking at this
email, I might instead suspect someone who doesn't know much about computers
using spamming software they purchased and not realizing that it's sending
out malformed emails.

I'm not sure the encoding is the problem [it might or might not be a symptom
of the real cause of the problem instead of being the problem itself], and
I'm not sure the script will solve your problem. I might suspect some sort
of software issue on your computer, and perhaps missing security patches.
You might also look into running Outlook Express / IE in the restricted
sites zone, or using an alternative mail reader, and/or the usual PC
diagnostic steps such as confirming there is enough free disk space, running
scandisk and defrag, etc.

I also suspect that you could possibly have too many rules or too complex
rules.

Having said all that, in order to fix the problem with your email rules
hanging your computer, you could write a first rule that looks for certain
key words such as Content-Type: or multipart or Content-Transfer-Encoding:
or base64 and stop processing any rules for emails that meet this criteria.
[You might find that an awful lot of emails meet this criteria, however.]

"George Hester" <hesterloli@hotmail.com> wrote in message
news:eSt#YMx#CHA.2044@TK2MSFTNGP10.phx.gbl...
I am getting some encrypted e-mail in Outlook. I set up some VBA script to
delete all HTML mail I get containing href and src. But here is my problem.

I am getting encrypted email and what this does is bring Outlook VBA to its
knees. It will stop the rule from function until I refunction it and unitl
I do that I am ruleless. Not a pretty sight.

So I am wondering is there some way I can determine if a received e-mail is
encrypted so that maybe I can test for that in VBA in Outlook and stop the
encrypted mail from bringing down my rule? Here is an example of where I
think the information may be contained:

Subject: 39 pics of girls with mega hair between the legs
snudqw}4Cq|fds1uu1frp
MIME-Version: 1.0
Content-Type: multipart/related;
  boundary="----=_NextPart_000_000E_3201391B.40340587"

------=_NextPart_000_000E_3201391B.40340587
Content-Type: text/html;
Content-Transfer-Encoding: base64

The rest is the encrypted message.

Some how if it is in here I'll need to read what is necessary in VBA and
extract it. If I don't this encryption breaks VBA and so my script rule.
There is always something to screw up good intentions. 

--
George Hester
__________________________________