Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] MS Word Docs hosts security relevant metadata
Sven Michels <smichels@xxxxxxxxxxxx> wrote:
>Michael Appeldorn wrote:
>> Of course the MTA will do this jobs cauze it handles all the mails.
>it's not the job of an MTA to convert attachments!
>MTA means Mail TRANSFER agent, not MMA (Mail Manipulation Agent)
>or so...

This is splitting hairs. The various RFCs for mail and MIME acknowledge
that specific MTAs termed Gateways may modify messages... for better or
worse. MIME makes special provision for gateways which may split a large
message into smaller messages for transport (message/partial).. presumably
another gateway can reassemble these fragments, this does not have to be
left to the mail client software.

I note that your mail is scanned by AMaViS:
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>X-Virus-Scanned: by AMaViS (intraDAT modified)

The overall intent of the RFCs is that mail should transit the network
"unchanged", but the explicit declaration of a mechanism for fragmenting
messages should make it clear that the intent is for end-to-end integrity.
So that applies to MDAs as well as MTAs. But if the intent is end-to-end
integrity, then let's say your virus-scanning occurs before the mail ever
meets an SMTP server, or after it leaves the final spool: it still violates
that intent!

This is obviously unrealistic. Mail needs to be altered at various stages
for exigent as well as historical reasons.

If it makes you feel better to call an MTA which "edits" e-mail a gateway,
then do so. If you feel that formalized headers would make this process
less error-prone, and you can get a significant cadre to agree with you on
the format and semantics of those headers, then submit an RFC. I suggest
that if your intent is to honor the RFCs to their fullest intent, then
something along the lines of including the original content in a MIME part
of a type such as Content-Type: message/x-virus; reason=AMaVIS would seem
to be the honorable thing to do... but I'm probably wrong. ;-)

For the record: I filter my incoming mail quite heavily, using a
perl/procmail script which rewrites and even drops certain MIME parts.

(Sorry, this is not a specific issue to SuSE or Linux. You might look at
the procmail mailing list for discussion of this and related issues.)


Fred Morris

< Previous Next >
This Thread
  • No further messages