[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030924090943.A6330@obelix.frop.org>
Date: Wed, 24 Sep 2003 09:09:43 +0200
From: Christian Vogel <chris@...lix.hedonism.cx>
To: Alexander Ogol <sanyok_nospam@...physoft.org.ua>
Cc: bugtraq@...urityfocus.com
Subject: Re: base64
Hi,
On Tue, Sep 23, 2003 at 07:50:56PM +0300, Alexander Ogol wrote:
> decision in all situations. Some mailing lists (debian-russian, for example)
> add some 7bit information after letter body while re-forwarding, regardless
> of was the letter base64/QP encoded or not, resulting of such malformed
Then this software is severly broken (MIME-wise), imho, and needs to be
updated/changed/dumed.
> So I think that the right solution (before antivirus software would be
> rewritten) is to write filters by yourself - decode base64 as that do
> popular mail clients and give them to antivirus.
With this approach, you are always on the "one step behind" side of
the problem. It's only a matter of time that someone finds out that
(made up example:) you can use a UTF8-mis-encoded "=" in Microsoft's
base64-decoder... The only sane way is to check if it's in the
standard-form ("abcABC=") and reject or convert if it's not.
99.99% of all software should create the standard form, so please
let the tiny fraction of users with broken software suffer
when their mails get rejected.
(Note: this of course applies not only to Base64 but to all aspects
of header-parsing, file-format guessing etc...)
Chris
--
01234567 <- The amazing* indent-o-meter!
^ (*: Indent-o-meter may not actually amaze.)
-- stolen from Nick Moffitt nick(at)zork.net
Powered by blists - more mailing lists