396377 - vCard sometimes cause heuristic scanners to generate a false positive

Status: RESOLVED FIXED

(MailNews Core :: Attachments, defect)

Description

[Ian Neal]

Steps to reproduce:
1/ Have an email address in the form of first.second@your.domain.com
2/ Create a vCard and set it to be attached to all out going email
3/ Send an email to someone with a heuristic scanner component to their AV

Expect result
1/ Email gets delivered

Actual result
1/ Email gets bounced back with messages saying it is a possible virus

Looking at the actual bounce message shows the heuristic scanner does not like attachments with more than one dot in as it thinks it has a double extension.
In theory should ask AV makers to make their heuristic scanners more intelligent i.e. anything ending .vcf is unlikely to be infected but in practise might be easier to make mailnews just not put dots in the filename of the vCard.

Workaround
1/ Get user to switch off vCard for emails sent to people with such AV heuristic scanners.

Comment 1

[Ian Neal]

Relevant code is at http://lxr.mozilla.org/seamonkey/source/mailnews/compose/src/nsMsgCompose.cpp#1206
Should be just a matter of applying something like .ReplaceChar('.', '_')

Comment 2

[Ian Neal]

Attachment: Add ReplaceChar patch v0.1

This patch:
* Adds a .ReplaceChar to change dots to underscores for filename of vCard attachment

Comment 3

[neil@parkwaycc.co.uk]

Comment on attachment 281150 [details] [diff] [review]
Add ReplaceChar patch v0.1

Looks reasonable to me.

Comment 4

[David :Bienvenu]

Comment on attachment 281150 [details] [diff] [review]
Add ReplaceChar patch v0.1

so, instead of referencing the bug # in the comment, I think it's nicer to just spell out the problem in place.

Comment 5

[Ian Neal]

Attachment: Patch with revised comment v0.1a (Checked into trunk and 1.8 branch)

Revised comment to include the reason rather than the bug number.
Carrying forward r/sr= and requesting branch approval for a very low risk patch that works round an annoying bug with some heuristic scanners

Comment 6

[Ian Neal]

Comment on attachment 281566 [details] [diff] [review]
Patch with revised comment v0.1a (Checked into trunk and 1.8 branch)

Checking in (trunk)
nsMsgCompose.cpp;
new revision: 1.529; previous revision: 1.528
done

Comment 7

[Robert Kaiser]

Comment on attachment 281566 [details] [diff] [review]
Patch with revised comment v0.1a (Checked into trunk and 1.8 branch)

As this is MailNews-only and is code shared between our different mail apps, requesting thunderbird approval instead of core approval is better.
For the record, I consider this a-seamonkey1.1.5=me as a SeaMonkey Council member (IanN) is the requestee of the 1.8.1.8 approval.

Comment 8

[Scott MacGregor]

Comment on attachment 281566 [details] [diff] [review]
Patch with revised comment v0.1a (Checked into trunk and 1.8 branch)

a=mscott for 1.8.1.8 if we can get this landed ASAP. The code freeze for 1.8.1.8 is right around the corner.

Comment 9

[Ian Neal]

Comment on attachment 281566 [details] [diff] [review]
Patch with revised comment v0.1a (Checked into trunk and 1.8 branch)

Checking in (1.8 branch)
nsMsgCompose.cpp;
new revision: 1.460.2.34; previous revision: 1.460.2.33
done