Prev: err.io.short_read
Next: Export to Excel (as a REAL excel file)
From: burkep on 2 Feb 2007 16:11
Hello,

I have created a multipart message using cfmail and cfmailpart, there's a text
part and an html part that includes inline images. The messages are being
caught by our email antivirus (declude). The antivirus message states that the
message contains "the [Outlook 'Space Gap' Vulnerability]"

The vulnerability can be defined as:

This vulnerability occurs when there is a space in one of the MIME
headers where there is not normally a space (such as "Content-Type
:" instead of "Content-Type:"). This is not RFC-compliant, but
Outlook will treat it as valid and be able to see a virus that
virus scanners will not usually see. There is no legitimate reason
for an email to be formed like this.

When I look at the source of the email message, it appears that coldfusion
does the following to the mime headers:

Mime-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_401935_27323735.1170444413143"

I think the newline and tab before the boundry declaration are creating the
problem.

Any help would be much apprecitated.

thanks.


From: burkep on 2 Feb 2007 20:28
Figured it out. There was a space in the file name of one of the inline images.:beer;
 | 
Pages: 1
Prev: err.io.short_read
Next: Export to Excel (as a REAL excel file)