On Mon, Sep 06, 2004 at 12:03:54PM +0930, Wilkinson, Alex wrote: > Correct me if I'm wrong, but I thought that a message is assigned a > particular MIME-type based upon what is in your mime-type file. No, that's not right, exactly. The mime.types file can be used to identify the MIME type of a file by applications which have no other way to determine that information, but e-mail is not such an application. MIME is a standard defined by a set of RFCs, which defines a method for sending non-ascii data formats via e-mail. It provides for a Content-Type field, which is what tells your mailer the MIME type of any MIME attachment. Your mailer should use that to determine what the file type is. There are some mailers (such as those profered by a certain entity in western USA) which ignore the MIME type specified in the mail message, and do their own thing (acting either on the file name, or worse yet on the actual contents of the message attachment). But this approach is unwise, resulting in various kinds of security problems. Namely, the user makes a decision whether to open a particular document based on a number of factors, including the MIME type specified by the message, but their mailer circumvents their decision by being too smart. In other words, the user may see that the MIME type secified is image/jpeg and decide to view it, but OE will detect that the file is actually an executable and run the program, instead of trying to display it as a JPEG image. The end result is that your system is probably compromised by some sort of malware. Mutt gets it right. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers.
Attachment:
pgpdRkgC63mPy.pgp
Description: PGP signature