attachments and binary data
Matthias Andree
matthias.andree at gmx.de
Sat Nov 27 00:41:44 CET 2004
David Relson <relson at osagesoftware.com> writes:
> We could get fancy and have the lexer call a function with the filename
> and have the function return 'keep' if there's a text related extension
> or 'discard' if it looks like a binary file. However, as mentioned
> elsewhere, in my archive (with 2 yrs of messages) there are only 6
> references to "begin 666" and 3 of those are from Oct 2003 -- the other
> time Evgeny reported this problem. It doesn't look like an important
> issue to me (though he might disagree).
UUEncode isn't too common nowadays. If it's really pathological (and I
can imagine that flexer spends some time backing out of rules it cannot
match), we may need to hack our MIME parser to support all this, but I
need more about the "size" of the problem. We shouldn't leave DoS attack
vectors lying around, and I'm not decided if the MIME parser or the
lexer is the right place to fix this. I presume some hand-coded stuff in
the MIME parser is a better idea as we have complexity under our own
control there.
--
Matthias Andree
More information about the bogofilter-dev
mailing list