[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1082234495@prophysoft.org.ua>
Date: Tue, 23 Sep 2003 19:50:56 +0300
From: Alexander Ogol <sanyok_nospam@...physoft.org.ua>
To: bugtraq@...urityfocus.com
Subject: Re: base64
>>>>> "IT" == Ilya Teterin writes:
[kham-kham-kham....argh....]
IT> How to solve this issue? I believe we should rewrite at least
IT> filtering systems to block malformed base64-encoded data because we
IT> don't know is it malicious or not. Otherwise, we can meet new powerful
IT> e-mail worm.
Rewriting filtering systems for rejecting malformed mail couldn't be good
decision in all situations. Some mailing lists (debian-russian, for example)
add some 7bit information after letter body while re-forwarding, regardless
of was the letter base64/QP encoded or not, resulting of such malformed
mail (and if your mail server recodes all 8bit mail to base64, you have no
way to write to those mail lists without creating malformed mail at
result).
So I think that the right solution (before antivirus software would be
rewritten) is to write filters by yourself - decode base64 as that do
popular mail clients and give them to antivirus.
Of course, it's somehow more hard than just filtering up all those
letters.
--
Sincerely yours, Alexander Ogol, happy GNU/Linux user.
Powered by blists - more mailing lists