recently I read an article at VirusBulletin about JunkMail virus.
it seems that comments can be added to MIME headers and nothing stops that.
for example (from the article:
http://www.virusbtn.com/resources/viruses/indepth/junkmail.xml )
a header like that:
----------------
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=TFICLMGJ
----------------
could be altered to that:
----------------
M(F)IM(])E-(*/
*)V(y)e(7)r(*)s(U*0)i(*LZ)o(H)n(.):(l)
1(:*=).0
Content-Type: mul(26)t(fH*)ip(|*)a(***)rt(*)/
mi(/*j)x(8)e('M)d;
(<|)bo(*,)u(1**)nda(D)r(L+K)y=TFICLMGJ
----------------
bad isn't it? all the () do the trick..
any ideas..??
could the classic:
* ^Content-Transfer-Encoding[ ]*:.*base64
be transormed to this: * ^Content-Transfer-Encoding[ ]*:.*[base64]
or the * ^Content-Type[ ]*:.*(application|audio) to *
Content-Type[ ]*:.*[aplictonud]
in order to maintain functionality?
-----------------------------------------------------
signature text:
Nikos K. Kantarakias
URLs: http://www.nikant.tk/
http://www.skiathos.tk/
http://agriroot.aua.gr/
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail