The Annoyance Filter.pdf - Fourmilab
The Annoyance Filter.pdf - Fourmilab
The Annoyance Filter.pdf - Fourmilab
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
132 MAIL FOLDER ANNOYANCE-FILTER §155<br />
155. We have decoders for certain application file types. Check the Content−Type for types we can<br />
decode, and if it’s indeed one we can, splice the appropriate decoder into the pipeline.<br />
〈 Check for application file types for which we have a decoder 155 〉 ≡<br />
#ifdef HAVE_PDF_DECODER<br />
if (mimeContentType ≡ "application/<strong>pdf</strong>") {<br />
asp = &aspPdf ;<br />
}<br />
else<br />
#endif<br />
if ((mimeContentType ≡ "application/x−shockwave−flash") ∨ (mimeContentType ≡<br />
"image/vnd.rn−realflash")) {<br />
asp = &aspFlash ;<br />
}<br />
if (asp ≠ Λ) {<br />
asp ⃗ setMailFolder (this);<br />
if (Annotate (’d’)) {<br />
ostringstream os ;<br />
}<br />
}<br />
os ≪ "Activating␣" ≪ asp ⃗ name ( ) ≪ "␣application␣file␣decoder.";<br />
reportParserDiagnostic(os );<br />
This code is used in section 153.<br />
156. Certain MIME Content−Type declarations denote binary files best classified by parsing them<br />
for ASCII strings. Test for such files and invoke the requisite decoder unless binary stream parsing has<br />
been disabled by setting streamMinTokenLength to zero or the file is already scheduled for parsing by<br />
an application-specific string parser.<br />
Thanks to a hideous design error in Microsoft Outlook, mail worms can spoof the test for executable<br />
content by declaring an attachment as an innocuous file type such an image or audio file, and then<br />
cause it to be executed simply by specifying a file name with one of the many Microsoft executable file<br />
extensions. We check for such spoofed attachments and pass them through the byte stream parser as<br />
well.<br />
〈 Detect binary parts worth parsing for embedded ASCII strings 156 〉 ≡<br />
if ((asp ≡ Λ) ∧ (streamMinTokenLength > 0) ∧ ((mimeContentType .substr (0,<br />
12) ≡ "application/") ∨ (((mimeContentType .substr (0,<br />
6) ≡ "audio/") ∨ (mimeContentType .substr (0,<br />
6) ≡ "image/")) ∧ (isSpoofedExecutableFileExtension (mimeContentTypeName ) ∨<br />
isSpoofedExecutableFileExtension (mimeContentDispositionFilename ))))) { /∗ cout ¡¡ ”* *<br />
* Content-type name = ¨” ¡¡ mimeContentTypeName ¡¡ ”¨” ¡¡ endl; ∗/ /∗ cout ¡¡ ”* * *<br />
Content-Disposition filename = ¨” ¡¡ mimeContentDispositionFilename ¡¡ ”¨” ¡¡ endl; ∗/<br />
if (Annotate (’d’)) {<br />
ostringstream os ;<br />
}<br />
os ≪ "Activating␣byte␣stream␣parser␣for␣\"" ≪ mimeContentType ≪ "\"";<br />
reportParserDiagnostic(os );<br />
}<br />
byteStream = true ;<br />
This code is used in section 153.