Hi,
We are using Anomy sanitizer v1.69 with F-prot to scan incoming mail for
viruses.
On the whole this is working well.
However sometimes messages are coming through 'blank' by the time outlook /
exchange has played with them.
It has taken a little time to track down but I have found the cause (or at least
the step where it is occurring) is when the messages are being scanned.
This happens on messages which are multipart messages but are marked as
Quoted-Printable in the header.
As far as I can tell this isn't correct however there are several sources
that send mail like this and it would be nice if I could receive them.
The problem is Anomy sanitizer (or F-prot, although I don't think it's this)
is deciding to try and 'correct' the message.
So:
Content-Transfer-Encoding: Quoted-Printable
MIME-Version: 1.0
X-Mailer: JMail 4.1.0 Free Version by Dimac
Content-Type: multipart/mixed;
boundary="--NEXT_BM_7506A5A9E715416B8828A2472A03DFAB"
This is a multipart message in MIME format.
----NEXT_BM_7506A5A9E715416B8828A2472A03DFAB
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: Quoted-Printable
***This is an automated email=2E Please do not reply***
Becomes:
Content-Transfer-Encoding: Quoted-Printable
MIME-Version: 1.0
X-Mailer: JMail 4.1.0 Free Version by Dimac
Content-Type: multipart/mixed;
boundary="--NEXT_BM_7506A5A9E715416B8828A2472A03DFAB"
X-Antivirus: Scanned by F-Prot Antivirus (http://www.f-prot.com)
This is a multipart message in MIME format.
----NEXT_BM_7506A5A9E715416B8828A2472A03DFAB=0A=
Content-Type: text/plain;=0A
charset=3D"iso-8859-1"=0AContent-Transfer-Enco=
ding: Quoted-Printable=0A=0A=
***This is an automated email. Please do not reply***
Note this is snipped; the full example is attached.
Well, it would be attached, but I am unsure of the list's policy on attachments,
so it's at:
http://www.garytunstall.co.uk/mail.tar.gz
It's only ~24k in size.
The file 09042005.101703.1.2405.bf.tmp is the original file after the server
accepted it
The file 09042005.101703.1.2405.df.tmp was produced by doing
/usr/local/f-prot/tools/scan-mail.pl < 09042005.101703.1.2405.bf.tmp >
09042005.101703.1.2405.df.tmp
This message seems to have been generated by
X-Mailer: JMail 4.1.0 Free Version by Dimac
Another message that had the same problem was sent by
X-mailer: AspQMail 2.0 4.11 (QSM235FCCF)
Something has added =0A= and played around with the other line of the
multipart boundary.
Although, as I say, I am not convinced the original message should have the QP
type in the primary header, I also can't see why the scanner should try and
'correct' the message.
The problem is that after it has been doctored, Exchange and Outlook (possibly
others, I haven't checked) don't interpret the message as QP and so can't find
the multipart boundary and just display a blank message.
Is this a problem that could be looked at and potentially worked around in
sanitizer?
Regards
Gary
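
The condition described in this report can be checked mechanically: RFC 2045 section 6.4 permits only 7bit, 8bit or binary as the Content-Transfer-Encoding of a multipart entity, so a mail filter can flag such a header and confirm that the boundary delimiter lines come out of scanning unchanged. The Python below is an added example, not part of the original post and not Anomy Sanitizer code; the function names and the two sample messages (with a shortened boundary) are constructed for illustration.

```python
import re
from email import message_from_bytes

# RFC 2045 section 6.4: a multipart entity may only be 7bit, 8bit or binary.
IDENTITY = {"7bit", "8bit", "binary"}

def bad_multipart_cte(raw: bytes):
    """List (content type, declared CTE) for multipart entities with an encoded CTE."""
    found = []
    for part in message_from_bytes(raw).walk():
        if part.get_content_maintype() != "multipart":
            continue
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
        if cte not in IDENTITY:
            found.append((part.get_content_type(), cte))
    return found

def delimiters_intact(raw: bytes) -> bool:
    """True if the top-level boundary still appears as bare open and close lines."""
    boundary = message_from_bytes(raw).get_boundary()
    if boundary is None:
        return False
    b = re.escape(boundary.encode("ascii", "replace"))
    opener = re.search(rb"^--" + b + rb"[ \t]*\r?$", raw, re.M)
    closer = re.search(rb"^--" + b + rb"--[ \t]*\r?$", raw, re.M)
    return bool(opener and closer)

# Constructed sample modelled on the message in the post (boundary shortened).
ORIGINAL = (
    b"Content-Transfer-Encoding: Quoted-Printable\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: multipart/mixed;\n"
    b'\tboundary="--NEXT_BM_EXAMPLE"\n'
    b"\n"
    b"This is a multipart message in MIME format.\n"
    b"----NEXT_BM_EXAMPLE\n"
    b"Content-Type: text/plain;\n"
    b'\tcharset="iso-8859-1"\n'
    b"Content-Transfer-Encoding: Quoted-Printable\n"
    b"\n"
    b"***This is an automated email=2E Please do not reply***\n"
    b"----NEXT_BM_EXAMPLE--\n"
)
# Constructed "after scanning" form: the opening delimiter gained a QP-encoded newline.
MANGLED = ORIGINAL.replace(b"----NEXT_BM_EXAMPLE\n", b"----NEXT_BM_EXAMPLE=0A=\n")

if __name__ == "__main__":
    for name, raw in (("original", ORIGINAL), ("mangled", MANGLED)):
        print(name, bad_multipart_cte(raw), delimiters_intact(raw))
```

Running `delimiters_intact` on a message before and after the scanner gives a quick regression check: a message that passes on input and fails on output was rewritten in a way that hides its parts from the receiving client.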