Literally millions of users worldwide may soon get bit by the MIME filename
buffer
overflow bug described at
http://www.sjmercury.com/business/microsoft/docs/security0728.htm
This bug is particularly insidious because it can be exploited via
by spamming software and could impact millions of users in a very short
time.
I would like to try to use procmail to plug the hole at the mail server,
by truncating the excessively long file names in the MIME headers. (Procmail
seems to be the best tool for the job). However, I have no experience with
procmail. Could someone help me write a procmail.rc that will eliminate the
extra-long filenames, truncating them back to (say) 64 characters max?
All that's required is to recognize the header
Content-Disposition: attachment; filename="<verylongname>"
and make sure that <verylongname> is chopped to a reasonable size. Then, I
must learn to install procmail to filter all users' incoming mail.
This would be a fix for which thousands of sysadmins and many more users
would be exceedingly grateful.
Can folks on this list help me to do this? Credit will be given and many admins
and users will doubtless be eternally grateful.
--Brett
P.S. -- I'm not a regular subscriber to the procmail list, so please cc: me
on responses.