Reject Bad Body Lines

One form of virus that spread rapidly during the writing of this book looked, in part, like this:

--K342Sj044MoQ0E0dh90A9n2Md066lL7
Content-Type: audio/x-wav;
        name=na tla.exe
Content-Transfer-Encoding: base64
Content-ID: <GxPtp514A04SX3089G>

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g
RE9TIG1vZGUuDQ0KJAAAAAAAAAAYmX3gXPgTs1z4E7Nc+BOzJ+Qfs1j4E7Pf5B2zT/gTs7Tn
GbNm+BOzPucAs1X4E7Nc+BKzJfgTs7TnGLNO+BOz5P4Vs134E7NSaWNoXPgTswAAAAAAAAAA
 etc. for many lines

This message body could be easily screened and rejected using the MILTER interface (Section 7.6) supplied with sendmail. Some sites, however, do not run versions of Unix that support POSIX threads (pthreads). At such sites, the MILTER interface is not available, so instead such screening must be done inside the checkcompat( ) routine.

The method we chose to illustrate here is based on the idea that parts of a message are separated from the headers, and from each other, by one or more blank lines:

Content-ID: <GxPtp514A04SX3089G>
                                   a blank line
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

By looking at just the first line of each part, we should be able to determine if the message should be rejected. To perform this examination, we decided to arbitrarily limit the length of the line we examine to the first 15 characters.[2]

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ...
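The check described above, as an added example that is not the book's checkcompat( ) code: a stand-alone C scanner that tests only the first line after each blank line against a 15-character prefix list. The names bad_prefixes, line_is_bad, body_should_reject and reject_cstr are hypothetical, and the single signature is taken from the sample part shown above.

```c
#include <stdio.h>
#include <string.h>
#define PREFIX_LEN 15  /* the text's limit: only the first 15 characters are examined */

/* Assumed signature list: the first 15 characters of the sample part shown above. */
static const char *bad_prefixes[] = { "TVqQAAMAAAAEAAA", NULL };

/* Return 1 if a line of length len starts with a listed prefix. */
static int line_is_bad(const char *line, size_t len)
{
    if (len < PREFIX_LEN)
        return 0;
    for (size_t i = 0; bad_prefixes[i] != NULL; i++)
        if (memcmp(line, bad_prefixes[i], PREFIX_LEN) == 0)
            return 1;
    return 0;
}

/* Scan n bytes of body, testing only the first line after each run of blank lines. */
int body_should_reject(const char *body, size_t n)
{
    size_t pos = 0;
    int after_blank = 1;  /* assumption: the body starts right after the header blank line */
    while (pos < n) {
        const char *line = body + pos;
        const char *nl = memchr(line, '\n', n - pos);
        size_t raw = nl ? (size_t)(nl - line) : n - pos;
        /* Accept both CRLF and bare LF line endings. */
        size_t len = (raw > 0 && line[raw - 1] == '\r') ? raw - 1 : raw;
        if (len == 0) {
            after_blank = 1;
        } else {
            if (after_blank && line_is_bad(line, len))
                return 1;  /* reject the message */
            after_blank = 0;
        }
        pos = nl ? pos + raw + 1 : n;
    }
    return 0;
}

int reject_cstr(const char *s) { return body_should_reject(s, strlen(s)); }

int main(void)
{
    /* Constructed sample: a part header, a blank line, then the encoded data. */
    const char *msg = "Content-Transfer-Encoding: base64\r\n\r\nTVqQAAMAAAAEAAAA//8AALgAAAAA\r\n";
    printf("%s\n", reject_cstr(msg) ? "reject" : "accept");
    return 0;
}
```

These 15 characters are the base64 encoding of the start of a DOS/Windows executable header, so the check matches other base64-encoded executables as well as this one message.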
