Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ripMIME>
  3. general
paranoid option
alex at gossamer-threads
Mar 8, 2004, 9:20 AM
Post #1 of 4 (2932 views)
Permalink
Hi,

We have a program that decodes incoming email using ripmime and sends it
off to clamav for virus scanning. The decoding section looks like:

MIME_init();
LOGGER_set_output_mode(_LOGGER_STDERR);
MIME_set_uniquenames(1);
MIME_set_header_longsearch(1);
MIME_set_paranoid(1);
MIMEH_set_outputdir(q->tmpdir);
MIME_unpack(q->tmpdir, q->tmpfile, 0);
MIME_close();

Recently we saw an error in our clam daemon:

Mon Mar 8 03:01:07 2004 [15381] [critical] Could not untaint 'È«³ÌÐÄÀíÎÀÉúÑо¿Ëù£¨ÐÄÀí×Éѯ£©.doc'

Shouldn't MIME_set_paranoid(1) force 7 bit names? Also, is there a way
to just force naming of files to just say 1, 2, 3, ...? In this case, we
don't care at all about the name, just want it extracted.

Cheers,

Alex
Re: paranoid option [ In reply to ]
pldaniels at pldaniels
Mar 8, 2004, 6:31 PM
Post #2 of 4 (2811 views)
Permalink
Alex,

> Mon Mar 8 03:01:07 2004 [15381] [critical] Could not untaint 'È«³ÌÐÄÀíÎÀÉúÑо¿Ëù£¨ÐÄÀí×Éѯ£©.doc'
>
> Shouldn't MIME_set_paranoid(1) force 7 bit names? Also, is there a way

No way of obtaining that mailpack is there? Looks like the filename was generated by not passed to the FNFILTER module.

Is the error from the clam daemon about the filename, or about the contents?

> to just force naming of files to just say 1, 2, 3, ...? In this case, we
> don't care at all about the name, just want it extracted.

I haven't got anything like that yet, it could be possible to do - though it would require another change to the source
code.

Regards.

--
Paul L Daniels - PLD Software - Xamime
Unix systems Internet Development A.B.N. 19 500 721 806
ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73
PGP Public Key at http://www.pldaniels.com/gpg-keys.pld
Re: paranoid option [ In reply to ]
alex at gossamer-threads
Mar 9, 2004, 9:55 AM
Post #3 of 4 (2816 views)
Permalink
Hi Paul,

> > Mon Mar 8 03:01:07 2004 [15381] [critical] Could not untaint 'È«³ÌÐÄÀíÎÀÉúÑо¿Ëù£¨ÐÄÀí×Éѯ£©.doc'
> >
> > Shouldn't MIME_set_paranoid(1) force 7 bit names? Also, is there a way
>
> No way of obtaining that mailpack is there? Looks like the filename was
> generated by not passed to the FNFILTER module.

Not for that one unfortunately. We've modified the daemon so if it sees
an invalid name again, it will save the original message.

> Is the error from the clam daemon about the filename, or about the contents?

It's about the filename.

> > to just force naming of files to just say 1, 2, 3, ...? In this case, we
> > don't care at all about the name, just want it extracted.
>
> I haven't got anything like that yet, it could be possible to do -
> though it would require another change to the source code.

Would you be interested in a patch that does this? If so, any tips on
how you would want it implemented?

Cheers,

Alex
Re: paranoid option [ In reply to ]
alex at gossamer-threads
Mar 9, 2004, 12:57 PM
Post #4 of 4 (2809 views)
Permalink
Hi Paul,

> > Shouldn't MIME_set_paranoid(1) force 7 bit names? Also, is there a way
>
> No way of obtaining that mailpack is there? Looks like the filename was
> generated by not passed to the FNFILTER module.

Here's a reproducable case. Grab this piece of spam at:

http://www.gossamer-threads.com/ripmime.txt

and then:

[alex@gossamer tmp]$ ./ripmime-1.3.1.0/ripmime -i ripmime.txt -d foo/ --paranoid
[alex@gossamer tmp]$ ls foo/
textfile0 textfile1 Èí¼þÔ´ÂëÇåµ¥.txt
[alex@gossamer tmp]$

Cheers,

Alex

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal