Re: standards spring cleaning
2004-12-07 10:29:44

Don't forget Informational RFCs. For example, RFC 1344 has some very important advice for gateway implementors (and that includes software which acts as a gateway, such as message scanners). Unfortunately some such implementors have ignored 1344, resulting in problems: http://www.kb.cert.org/vuls/id/836088

Actually, neither RFC 1344 nor RFC 2046, in my opinion, draws sufficient attention to this problem. In both cases, I would be happier if we had said something in the security considerations about the necessity to reassemble message/partials into their "parent" message before applying any security-related content scans.
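An added example, not part of the original message: a sketch of the reassemble-before-scan step for a gateway, showing that a scan of individual message/partial fragments can miss content that the reassembled parent contains. The marker string, addresses and function names are constructed for illustration, and the sketch scans the concatenated fragment bodies without applying the RFC 2046 header-merging rules.

```python
from email.parser import HeaderParser

MARKER = "CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a scanner signature

def scan(text):
    """Hypothetical content scan: flag text containing the marker."""
    return MARKER in text

def reassemble(raw_messages):
    """Group message/partial fragments by id; return ({id: body}, incomplete_ids)."""
    groups = {}
    for raw in raw_messages:
        # HeaderParser leaves the body as an unparsed string, which is what is
        # needed here: a fragment body is an arbitrary slice of the parent.
        msg = HeaderParser().parsestr(raw)
        if msg.get_content_type() != "message/partial":
            continue
        pid, number, total = (msg.get_param(k) for k in ("id", "number", "total"))
        group = groups.setdefault(pid, {"total": None, "parts": {}, "bad": False})
        try:
            if total is not None:            # only mandatory on the last fragment
                group["total"] = int(total)
            group["parts"][int(number)] = msg.get_payload()
        except (TypeError, ValueError):
            group["bad"] = True              # malformed parameters: never complete
    complete, incomplete = {}, []
    for pid, group in groups.items():
        total, parts = group["total"], group["parts"]
        if group["bad"] or total is None or set(parts) != set(range(1, total + 1)):
            incomplete.append(pid)           # hold or reject per local policy
            continue
        complete[pid] = "".join(parts[n] for n in range(1, total + 1))
    return complete, incomplete

def fragment(pid, number, body, total=None):
    """Build a constructed fragment for the demonstration."""
    ctype = f'message/partial; id="{pid}"; number={number}'
    if total is not None:
        ctype += f"; total={total}"
    return f"From: sender@example.org\nMIME-Version: 1.0\nContent-Type: {ctype}\n\n{body}"

# Constructed parent message, cut so the marker straddles the fragment boundary.
PARENT = f"Subject: report\nContent-Type: text/plain\n\nbody {MARKER} end\n"
CUT = PARENT.index(MARKER) + 5
FRAGMENTS = [fragment("abc@example.org", 1, PARENT[:CUT]),
             fragment("abc@example.org", 2, PARENT[CUT:], total=2)]

if __name__ == "__main__":
    print("per-fragment scan:", [scan(f) for f in FRAGMENTS])
    whole, held = reassemble(FRAGMENTS)
    print("reassembled scan:", {k: scan(v) for k, v in whole.items()}, "held:", held)
```

Fragment sets that never complete are returned separately so the gateway can apply a policy to them instead of passing them through unscanned.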