Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Minor] Improve mime_types plugin #2852

Merged
merged 2 commits into from Apr 16, 2019

Conversation

Projects
None yet
2 participants
@spacefreak86
Copy link
Contributor

commented Apr 16, 2019

Hackers sometimes try to hide the filename of an attachment by encoding some characters in HEX (e.g. "attached%2E%62at"). The most e-mail clients would decode this characters and the final filename would be "attached.bat". The mime_types plugin now decodes those characters before determining the file extension.

Additionally, the plugin now uses the higher weighted MIME type, if the detected type differs from the one specified in the Content-Type header, so we are always on the safe side.

spacefreak86 added some commits Apr 15, 2019

[Minor] mime_types: decode hex encoded characters
in filenames to improve file extension detection
[Minor] mime_types: use higher weighted MIME type
if detected MIME type differs from Content-Type header

@spacefreak86 spacefreak86 changed the title Mime types Improve mime_types plugin Apr 16, 2019

@spacefreak86 spacefreak86 changed the title Improve mime_types plugin [Minor] Improve mime_types plugin Apr 16, 2019

@vstakhov

This comment has been minimized.

Copy link
Member

commented Apr 16, 2019

Do you have any samples of such an obfuscation?

@spacefreak86

This comment has been minimized.

Copy link
Contributor Author

commented Apr 16, 2019

Yes, I have seen such obfuscations in the wild.
Additionally, you can get some examples from here: https://www.emailsecuritycheck.net/

This is an example of the mentioned header:

Content-Transfer-Encoding: 7bit
Content-Type: application/x-msdownload;
name0="''attached%2E";
name1="%62";
name2=at
Content-Disposition: attachment;
filename
0*="''attached%2E";
filename1="%62";
filename*2=at

@vstakhov vstakhov merged commit 51746c8 into rspamd:master Apr 16, 2019

1 check failed

continuous-integration/drone/pr the build failed
Details

@spacefreak86 spacefreak86 deleted the spacefreak86:mime_types branch Apr 16, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.