Closed Bug 277913 Opened 20 years ago Closed 20 years ago

Inline-Forward of message with unnamed RFC822 attachment unnecessarily adds name to the headers: (null).eml

Categories

(MailNews Core :: Composition, defect)

defect
Not set
minor

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 188108

People

(Reporter: cryptmaster, Assigned: sspitzer)

Details

See this for full details: http://forums.mozillazine.org/viewtopic.php?t=197607

Attachments from Outlook / Outlook Express exclude names as follows:

--CFAB5367F1.1105106398/postwall04.mweb.co.za 
Content-Description: Undelivered Message 
Content-Type: message/rfc822

Thunderbird will change the above to this:

--------------060206050602050407020101 
Content-Type: message/rfc822; 
name="(null).eml" 
Content-Transfer-Encoding: 7bit 
Content-Disposition: inline; 
filename="(null).eml"

The (null).eml activates most AV scanners at email gateways which block ".eml" 
extensions.

A solution is needed as most users use OE and communicating with them is 
impossible. 

Suggestions : 

1) Change the default to something other than .eml, or allow it to be 
configured!
2) Do not alter the header of something you forward, forward it as is!

Stephen
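
The header difference described in this report can be checked by listing the name parameters on each message/rfc822 part before and after forwarding. This is an added example, not part of the original report or of Mozilla's code; the sample messages, the address and the function names are constructed for illustration.

```python
from email import message_from_string

PLACEHOLDER = "(null)"  # literal stem taken from the bug summary

def rfc822_part_names(raw):
    """Return (Content-Type name, Content-Disposition filename) per message/rfc822 part."""
    names = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "message/rfc822":
            names.append((part.get_param("name"),
                          part.get_param("filename", header="content-disposition")))
    return names

def has_placeholder_name(raw):
    """True if any embedded message carries a name starting with "(null)"."""
    return any(v is not None and v.startswith(PLACEHOLDER)
               for pair in rfc822_part_names(raw) for v in pair)

def sample(part_headers):
    """Constructed multipart message holding one embedded message."""
    return ("From: sender@example.org\n"
            "Subject: Fwd: test\n"
            "MIME-Version: 1.0\n"
            'Content-Type: multipart/mixed; boundary="b1"\n'
            "\n"
            "--b1\n"
            "Content-Type: text/plain\n"
            "\n"
            "see below\n"
            "--b1\n"
            + part_headers +
            "\n"
            "Subject: Undelivered\n"
            "\n"
            "body\n"
            "--b1--\n")

# Part headers as quoted in the report: unnamed original, then the forwarded form.
ORIGINAL = ("Content-Description: Undelivered Message\n"
            "Content-Type: message/rfc822\n")
FORWARDED = ('Content-Type: message/rfc822;\n name="(null).eml"\n'
             "Content-Transfer-Encoding: 7bit\n"
             'Content-Disposition: inline;\n filename="(null).eml"\n')

if __name__ == "__main__":
    for label, hdrs in (("original", ORIGINAL), ("forwarded", FORWARDED)):
        raw = sample(hdrs)
        print(label, rfc822_part_names(raw), has_placeholder_name(raw))
```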
http://www.mozilla.org/quality/bug-writing-guidelines.html

Why did you say "replied" in the summary?  Is there in fact some way you can 
make this happen by replying to a message?  I certainly don't see it; the 
attachments of an original message are not included in the reply.  Far more of 
interest is the mode of forwarding -- this problem only happens using Forward 
Inline, not Forward as Attachment.

> 2) Do not alter the header of something you forward, forward it as is!

This is a reasonable expectation; confirming.


Problem also occurs with Mozilla MailNews, moving to Core.


I do not believe "most" virus scanners reject messages with .EML extensions; 
certainly my two ISPs do not, as I discovered while testing for this bug.  
There is nothing inherently dangerous about such attachments.  If you can find 
documentation to the contrary, I'd be curious to see it; you should probably 
contact the ISP that is causing this problem and ask them to review whether they 
really want to reject on that basis (and whether that, in fact, is the problem).
Assignee: mscott → sspitzer
Severity: major → minor
Status: UNCONFIRMED → NEW
Component: Message Compose Window → MailNews: Composition
Ever confirmed: true
OS: Windows XP → All
Product: Thunderbird → Core
Hardware: PC → All
Summary: Forwarded/Replied Attachments without names are altered in a manner which causes emails to be flagged by AV Software → Inline-Forward of message with unnamed RFC822 attachment unnecessarily adds name to the headers: (null).eml
Version: 1.0 → 1.0 Branch
Regarding ".emls" being dangerous. Unpatched Outlook products automatically run 
scripts attached or embedded in emls. See the following links for an example 
virus which spreads via ".eml", and which could prompt ISPs to block .emls.

http://www.grisoft.com/virbase/virbase.php?lng=us&action=search&style=simple&qsearch=hledej&qvirus_name=nimda
http://www.s-cop.com/virus-details.asp?selectID=99

Without polling all ISPs I can't say how many block .emls, but I estimate that 
70-80% of the people I correspond with in the UK and South Africa get bounced 
when the attachments are included (or rather forwarded by TB).

As for replies, I am sure it happens with them too. But I don't have any examples 
right now, I will try to generate some. In the meantime just assume it's forward 
only. 



(In reply to comment #2)
> Regarding ".emls" being dangerous. Unpatched Outlook products automatically
> run scripts attached or embedded in emls. See the following links for an
> example virus which spreads via ".eml"

You are misreading those virus descriptions.  Yes, Nimda writes a bunch of .EML 
files to the infected system's disk; it does not send those same files out as 
attachments.  The description at the Grisoft page states that Nimda "comes in an 
e-mail as an attached file README.EXE."
Version: 1.0 Branch → Trunk
> You are misreading those virus descriptions.  Yes, Nimda writes a bunch of .EML
> files to the infected system's disk; it does not send those same files out as
> attachments.  The description at the Grisoft page states that Nimda "comes in
> an e-mail as an attached file README.EXE."

I don't claim to be an expert on viruses, so you could well be right. All I can 
say for certain is I do get bounces which complain about .eml's. But if you guys 
can fix this so that attachment headers aren't altered it will probably solve the 
issue. Will this be possible? 

Found an earlier bug about the same thing.

*** This bug has been marked as a duplicate of 188108 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Product: Core → MailNews Core