Question
Malformed MIME content is often used to try to bypass the ability of anti-virus software to correctly identify viruses in messages. I would like to be able to reject messages that contain malformed MIME content to further protect my server from potential threats. How do I do this?
Answer
The latest release of GMS Anti-Spam provides the ability to look for and reject messages that contain malformed MIME content. A new variable, MessageQualityMask, has been introduced to control this behaviour. The variable can be set at both System and Domain levels. It holds a bitmask of values corresponding to the table below.
Bit | Condition detected |
---|---|
0 | Message lines not terminated by CRLF |
1 | Message line length exceeds RFC2822 limits |
2 | Attachment name is too long |
3 | Suspicious attachment name |
4 | CLSID in attachment name |
5 | UUEncode begin in subject |
6 | UUEncode begin incomplete |
7 | UUEncode data with blank lines |
8 | UUEncode data with spaces |
9 | UUEncode data line too long |
10 | UUEncode data invalid |
11 | UUEncode data invalid decode |
12 | Base64 encoding of inline text |
13 | Base64 data invalid |
14 | Base64 data invalid length |
15 | Base64 data has leading "=" signs |
16 | Base64 data has too many "=" signs |
17 | Base64 data after end of decode |
18 | Base64 data line too long |
19 | Binhex data in text section |
20 | Binhex data invalid |
21 | MIME no final boundary |
22 | 8 bit characters in header field |
23 | MIME partial message fragment |
24 | MIME invalid fieldname format |
25 | MIME invalid message/rfc822 content type |
26 | MIME comment detected |
27 | MIME Prologue Data detected |
28 | HTML CID link detected |

This list is likely to be expanded as new vulnerabilities are discovered.
So, for example, to reject messages containing MIME sections with "Message lines not terminated by CRLF" and "CLSID in attachment name", you would need to set both bit 1 and bit 5 on; that is, set the variable to a value of 34 (100010 in binary).
From build 3136 onwards, these options can be configured from the Message Quality section of the GMS Anti-Spam interface. Prior to build 3136, there is no configuration interface for this facility, so the variable must be set via the Support > System or Support > Domain variables pages.
This facility is not available on systems running VSM.
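To show what a few of the conditions in the table look like in a raw message, here is an added Python example (not GMS Anti-Spam code, and not a description of how the product implements its checks) that scans a message for rows 0, 1, 21 and 22. The function name, the 998-character limit taken from RFC 2822, and the sample messages are this example's assumptions; it reports table row numbers and does not compute a MessageQualityMask value.

```python
import re

# Row numbers and names are copied from the table above. The checks are this
# example's own interpretation of each row, not the product's implementation.
DEFECTS = {
    0: "Message lines not terminated by CRLF",
    1: "Message line length exceeds RFC2822 limits",
    21: "MIME no final boundary",
    22: "8 bit characters in header field",
}
MAX_LINE = 998  # RFC 2822 section 2.1.1: characters per line, excluding CRLF

# Constructed sample messages (not taken from real traffic).
GOOD = (b"From: a@example.com\r\nSubject: test\r\n"
        b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n--b1--\r\n")
BAD = (b"From: a@example.com\nSubject: caf\xe9\n"
       b"Content-Type: multipart/mixed;\n boundary=b1\n\n"
       b"--b1\nContent-Type: text/plain\n\n" + b"A" * 1200 + b"\n")

def find_defects(raw):
    """Return the set of table row numbers whose condition appears in raw."""
    found = set()
    # Row 0: a bare LF (no CR before it) or a bare CR (no LF after it).
    if re.search(rb"(?<!\r)\n|\r(?!\n)", raw):
        found.add(0)
    lines = re.split(rb"\r\n|\r|\n", raw)
    # Row 1: any line longer than the RFC 2822 hard limit.
    if any(len(line) > MAX_LINE for line in lines):
        found.add(1)
    # The first empty line separates the header block from the body.
    end = lines.index(b"") if b"" in lines else len(lines)
    headers, body = lines[:end], lines[end + 1:]
    # Row 22: header fields must be 7-bit; flag any byte above 0x7F.
    if any(byte > 0x7F for line in headers for byte in line):
        found.add(22)
    # Row 21: a top-level boundary is declared but "--boundary--" never appears.
    unfolded = re.sub(rb"\n[ \t]+", b" ", b"\n".join(headers))
    m = re.search(rb'(?im)^content-type:.*?boundary="?([^";\s]+)"?', unfolded)
    if m:
        closing = b"--" + m.group(1) + b"--"
        if not any(line.rstrip() == closing for line in body):
            found.add(21)
    return found

if __name__ == "__main__":
    for name, msg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, [f"{row}: {DEFECTS[row]}" for row in sorted(find_defects(msg))])
```

Only the top-level multipart boundary is checked; nested multipart sections would need the same test applied recursively.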