Re: [suse-security] MS Word Docs hosts security relevant metadata
Sven Michels
Michael Appeldorn wrote:
Of course the MTA will do this jobs cauze it handles all the mails.
it's not the job of an MTA to convert attachments! MTA means Mail TRANSFER agent, not MMA (Mail Manipulation Agent) or so...
This is splitting hairs. The various RFCs for mail and MIME acknowledge that specific MTAs termed Gateways may modify messages... for better or worse. MIME makes special provision for gateways which may split a large message into smaller messages for transport (message/partial).. presumably another gateway can reassemble these fragments, this does not have to be left to the mail client software. I note that your mail is scanned by AMaViS:
Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS (intraDAT modified)
The overall intent of the RFCs is that mail should transit the network "unchanged", but the explicit declaration of a mechanism for fragmenting messages should make it clear that the intent is for end-to-end integrity. So that applies to MDAs as well as MTAs. But if the intent is end-to-end integrity, then let's say your virus-scanning occurs before the mail ever meets an SMTP server, or after it leaves the final spool: it still violates that intent! This is obviously unrealistic. Mail needs to be altered at various stages for exigent as well as historical reasons. If it makes you feel better to call an MTA which "edits" e-mail a gateway, then do so. If you feel that formalized headers would make this process less error-prone, and you can get a significant cadre to agree with you on the format and semantics of those headers, then submit an RFC. I suggest that if your intent is to honor the RFCs to their fullest intent, then something along the lines of including the original content in a MIME part of a type such as Content-Type: message/x-virus; reason=AMaVIS would seem to be the honorable thing to do... but I'm probably wrong. ;-) For the record: I filter my incoming mail quite heavily, using a perl/procmail script which rewrites and even drops certain MIME parts. (Sorry, this is not a specific issue to SuSE or Linux. You might look at the procmail mailing list for discussion of this and related issues.) -- Fred Morris m3047@inwa.net
participants (1)
-
m3047@inwa.net