How can I reject malformed mime messages?

  1. Home
  2. Knowledge Base
  3. GMS
  4. How can I reject malformed mime messages?

Question

Malformed mime content is often used to try and bypass the ability of anti virus software to correctly identify viruses in messages. I would like to be able to reject messages that contain malformed mime content to further protect my server from potential threats. How do I do this?

Answer

The latest release of GMS Anti-Spam provides the ability to look for and reject messages that contain malformed mime content. A new variable has been introduced to control this behaviour called MessageQualityMask. The variable can be set at both System and Domain levels. This variable holds a bitmask of values corresponding to the table below.

Bit Value
0 Message lines not terminated by CRLF
1 Message line length exceeds RFC2822 limits
2 Attachment name is too long
3 Suspicious attachment name
4 CLSID in attachment name
5 UUEncode begin in subject
6 UUEncode begin incomplete
7 UUEncode data with blank lines
8 UUEncode data with spaces
9 UUEncode data line too long
10 UUEncode data invalid
11 UUEncode data invalid decode
12 Base64 encoding of inline text
13 Base64 data invalid
14 Base64 data invalid length
15 Base64 data has leading "=" signs
16 Base64 data has too many "=" signs
17 Base64 data after end of decode
18 Base64 data line too long
19 Binhex data in text section
20 Binhex data invalid
21 MIME no final boundary
22 8 bit characters in header field
23 MIME partial message fragment
24 MIME invalid fieldname format
25 MIME invalid message/rfc822 content type
26 MIME comment detected
27 MIME Prologue Data detected
28 HMTL CID link detected
This list is likely to be expanded as new vulnerabilities are discovered

So for example, to reject messages containing mime sections where "Message lines not terminated by CRLF" and where "CLSID in attachment name" you would need to set both bit 1 and bit 5 on. That is set the variable to a value of 34 (100010 in binary).

From build 3136 onwards, these options can be configured from the Message Quality section of the GMS Anti-Spam interface. Prior to build 3136, there is no configuration interface for this facility, so the variable must be set via the Support > System or Support > Domain variables pages.

This facility is not available on systems running VSM.

See Also:

Keywords:reject malformed mime messages x-defects defects defect

Was this article helpful?

Related Articles