At 15:37 09/07/2004, John C Klensin wrote:
> I've thought about it and I really can't see any sensible way
> to actually scan the message.. It looks as if the virus
> scanning engine is just looking for the text
> 'Content-Transfer-Encoding:' anywhere in the message text and
> is trying to decode the following text accordingly. This seems
> decidedly dodgy to me.
It really isn't dodgy if you have email clients that:
* Opens things, or can be configured to do so, only
according to content-type, not file names or heuristics
on content.
That isn't really what I'm saying..
And, for the specific example you give, yes, if you are
expecting the MTA to protect MUAs from bad things happening, the
capabilities associated with the MTA, and the assumptions those
capabilities make, have to be well-matched to the MUA.
Specifically, if the MTA-based scanner works on a content-type
basis only, then the MUA needs to work on a content-type basis
only. If not, you need to upgrade (or get rid of) one or the
other.
What the manual virus scanner is doing is seeing the Content-Type: line
ANYWHERE in an email message, and processing it
So, it would scan this email message (and find (almost) the EICAR test
virus - I changed it a bit so it wouldn't be blocked, hopefully)
Is that what you'd expect to see happening, or should it just be treated as
plain text (which it is)
Content-Type: Base64
WDVPIVAlQEFQWzRcUFpYNTQoUG5wN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNU
LUZJTEUhJEgrSCo=
It would be interesting to see if any email clients (or other email virus
scanners) can detect that as an attachment...
Paul VPOP3 - Internet Email Server/Gateway
support(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/