'Re: Mail content splitting'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       amavis-tech
Subject:    Re: Mail content splitting
From:       Mark Martinec <Mark.Martinec () ijs ! si>
Date:       2006-12-22 0:03:12
Message-ID: 200612220103.13349.Mark.Martinec () ijs ! si
[Download RAW message or body]

Sebastian,

> I have a rather strange question about amavis which you guys hopefully
> might be able to answer. Is there a way of changing the way amavis
> splits up mails to different parts?
> The reason why I am asking is I would like to test the behaviour
> of a particular virus scanner when it comes to special file names.
> Consider the following example (excerpt from a test mail):
>   Message-Id: <20061218221543.94B527ED5@localhost.localdomain>
>   Content-Disposition: attachment; filename="test1234.jpg"
> What I need to do is to pass on the *exact* filename as defined in this
> section (here: test1234.jpg) to the virus scanner (without any tampering
> by amavis). Is there any way to make amavis behave like this?

I'll try to answer for amavisd-new: when mail is split up to parts,
these parts are stored to files with generated names, regardless of
what the 'suggested' file name in MIME type or archive member name
says. These generated filenames are always named p001, p002, etc,
which is also what each virus scanner sees.

The original (suggested) file names in all their forms are available 
for 'banned' checks, but are never given to AV or spam scanners in
their original form.

I guess this is not the answer you are looking for. It is currently
not possible with amavisd-new to give original file names to decoded
parts (without modifying code) - for various reasons: there may be
multiple possible file names available for each part (e.g. MIME: 'filename'
and 'name' attributes), there may be a raw as well as encoded file name
interpretations, or suggested file name may not be representable on
a given file system (e.g. too long or using 'reserved' characters
like '/' or null, which could be misinterpreted by a virus scanner).
One reason is also security, although this one is less important
now when there is no chance a shell would see decoded parts.

  Mark

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-tech mailing list
AMaViS-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-tech
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic