[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: base64

To: Bennett Todd <bet@xxxxxxxxx>
Subject: Re: base64
From: MightyE <trash@xxxxxxxxxxx>
Date: Thu, 25 Sep 2003 14:21:41 -0400

This is a remarkably good and simple approach (thus I'm a bit abashed that I didn't think of it), and permits liberal acceptance, with out exposing the user to a targeted intentional malformation of base64 encoded data. Accept all mis formed data, make a best guest as to what it is (or follow RFC on how to handle this where applicable), check the result, and pending acceptance, write it to the user's mail file, in its newly interpreted form.

Eric Stevens
mightye a@t mightye d.o.t org

Bennett Todd wrote:

2003-09-25T09:06:58 MightyE:

There are two methods which you can use in the writing of your email virus scanner; you can either decode it every known way that any client does so, [...] Alternatively you can accept it only if it is properly encoded, [...]


There's a third method, which I think is rather better than either
of those.

You can re-code everything into a canonical form. Some email client
drop some punctuation characters in filenames? Delete all such
characters from filenames. Different tools handle various i18n
encoded filenames differently? Map to US-ASCII. Enforce length
limits. Recode base64. Recode uuencoded chunks. Regularize
non-standard MIME.

Do all this canonicalization before the message hits your
attachment type policy enforcement and malware scanner, so they only
have to deal with the common forms that everybody handles the same.

-Bennett

References:
- Re: base64
  - From: MightyE
- Re: base64
  - From: MightyE
- Re: base64
  - From: Bennett Todd

Prev by Date: RE: Does VeriSign's SiteFinder service violate the ECPA?
Next by Date: Re: LanSuite 2003 - Multiple Vulnerabilities
Previous by thread: Re: base64
Next by thread: Re: base64
Index(es):
- Date
- Thread