You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by decoder <de...@own-hero.net> on 2006/08/08 11:51:21 UTC
Broken images in mails
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello there,
as I recently mentioned in the FuzzyOcr Thread, I found quite a lot
mails that contain broken or corrupted gifs.
I found one type that lets convert calculate extremely long and then
fails, but with giftopnm it works after it spits out some errors.
The other type doesn't work with both, they both say the image is
corrupted and don't convert anything, but my browser is fully able to
view it. (And yes, I made sure these are really gifs, file says so)
Here's an example:
samples # giftopnm viagra2.gif
giftopnm: EOF or error reading data portion of 194 byte DataBlock from
file
samples # convert viagra2.gif pnm:-
convert: Corrupt image `viagra2.gif'.
samples # file viagra2.gif
viagra2.gif: GIF image data, version 89a, 353 x 262
But I can view it perfectly. Does anyone know what this could be
caused by and a tool which can reliably convert these to pnm?
Another question that I would have in mind is, if that was intended to
happen...
Best regards
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE2F6ZJQIKXnJyDxURAlAqAJwPEvWVasgljWXaXSMty79MmSEMcwCbBp2I
DxU9fM/qCWQPgMVp/2lGSXI=
=AZAd
-----END PGP SIGNATURE-----
Re: Broken images in mails
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Tuesday, August 08, 2006 11:51 AM +0200 decoder <de...@own-hero.net>
wrote:
> as I recently mentioned in the FuzzyOcr Thread, I found quite a lot
> mails that contain broken or corrupted gifs.
Until we have a better answer, I'd reject anything with an unrecognizable
format. It might be an attempt to exploit an overflow bug in an older copy
of IE.
Similarly, I'm a fan of validating HTML and rejecting broken stuff, but
that would reject a lot of stuff created by MS software. OTOH....
Re: Discourage broken content (was: Broken images in mails)
Posted by John Andersen <js...@pen.homeip.net>.
On Friday 25 August 2006 11:20, Kenneth Porter wrote:
> We need to stop giving a free pass to broken content creation software just
> because it's popular. When someone sends you broken content, you should
> react the same way you would if they sent you documents on dirt-smeared
> paper. Stop letting your emperor walk around naked.
Actually there is very little broken content IMAGE software out there in any
modern mailer, even microsoft crapware does not break images. The image
corruption is intentional, and may be malicious (not JUST spam).
So I agree with you there.
Broken html is another issue, because there is broken, and there is simply
lame (lazy) html. Which of the several versions of the standards are you
going to impose? The agreed upon standards? or the defacto ones?
--
_____________________________________
John Andersen
Re: Broken images in mails
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Logan Shaw wrote:
> On Fri, 25 Aug 2006, Plenz wrote:
>>> Adding a point for corrupted images is sounding better and
>>> better.
>>
>> I disagree. To check out what happens I converted a JPG picture
>> into a GIF file and sent it to myself. One time I converted it
>> with IrfanView and the second time with PaintShop Pro. Both GIF
>> files had the result "giftopnm: EOF or error reading data
>> portion..." So I produced a corrupt (?) image, but it was not
>> spam.
>
> I had similar results. As soon as I installed FuzzyOcr, I saw a
> whole series of legit messages the log going back and forth between
> two users, all getting FUZZY_OCR_CORRUPT_IMG. I didn't look at the
> messages, but one assumes they were somebody's e-mail signature
> with a GIF in it or something.
>
> Ideally, users wouldn't include corrupt images in messages, but it
> does happen, so I thought a score of 3.0 for FUZZY_OCR_CORRUPT_IMG
> was too harsh. I set it to 2.0 at my site. FuzzyOcr is still
> catching the bad stuff, and I feel less nervous that a minor file
> format infraction might cause false positives.
>
> Also, there is the small matter that just because giftopnm doesn't
> recognize it doesn't mean it's invalid. Are we sure that giftopnm
> recognizes 100% of all possible items that occur in GIF files?
The recognition isnt done by giftopnm, but by the giflib... Currently,
FuzzyOcr does the validation check for gifs based on the fact that
giftext and giffix complain to STDERR with "GIF-LIB error: message..."
if a GIF file isn't ok.
I don't know how error prone this check is, it might be too harsh in
validating the gifs, or the tools might be bad, I have no idea. But I
am looking forward to suggestions that make these checks better.
Chris
>
> - Logan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE71TNJQIKXnJyDxURAtc5AKC4YxYGj1XPO3xpQTGytdxqKNgMVQCfbT+k
gj6wnP+BLWskMg5HAWZ0HXs=
=tWKE
-----END PGP SIGNATURE-----
Re: Broken images in mails
Posted by Logan Shaw <ls...@emitinc.com>.
On Fri, 25 Aug 2006, Plenz wrote:
>> Adding a point for corrupted images is sounding better and better.
>
> I disagree. To check out what happens I converted a JPG picture into a GIF
> file
> and sent it to myself. One time I converted it with IrfanView and the second
> time with PaintShop Pro. Both GIF files had the result
> "giftopnm: EOF or error reading data portion..." So I produced a corrupt (?)
> image, but it was not spam.
I had similar results. As soon as I installed FuzzyOcr, I
saw a whole series of legit messages the log going back and
forth between two users, all getting FUZZY_OCR_CORRUPT_IMG.
I didn't look at the messages, but one assumes they were
somebody's e-mail signature with a GIF in it or something.
Ideally, users wouldn't include corrupt images in messages,
but it does happen, so I thought a score of 3.0 for
FUZZY_OCR_CORRUPT_IMG was too harsh. I set it to 2.0 at my
site. FuzzyOcr is still catching the bad stuff, and I feel
less nervous that a minor file format infraction might cause
false positives.
Also, there is the small matter that just because giftopnm
doesn't recognize it doesn't mean it's invalid. Are we sure
that giftopnm recognizes 100% of all possible items that occur
in GIF files?
- Logan
Re: Animated images in mails
Posted by Plenz <pa...@lenz-online.de>.
decoder wrote:
>
> That is what FuzzyOcr does automatically for you :)
Surely... but I don't use Spamassassin, I am using my own program :)
--
View this message in context: http://www.nabble.com/Broken-images-in-mails-tf2071676.html#a6022799
Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Animated images in mails
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Plenz wrote:
>
> decoder wrote:
>> gifasm can split them into multiple files, etc.
>>
>
> Thanks, gifasm works very well. Seems that I only have to choose
> the biggest one of the output files, it contains the text.
That is what FuzzyOcr does automatically for you :) (If you set the
gif frame option in the cf file to a low value... with 1 it will
always be used..)
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE8rskJQIKXnJyDxURAiDsAJ0SuPpt+3SU+CZP6zx2BTrN0CsTawCfWEVf
sEyehX84ZiLrpvV/kTZwGMk=
=Ak2M
-----END PGP SIGNATURE-----
Re: Animated images in mails
Posted by Plenz <pa...@lenz-online.de>.
decoder wrote:
>
> gifasm can split them into multiple files, etc.
>
Thanks, gifasm works very well. Seems that I only have to choose the biggest
one of the output files, it contains the text.
--
View this message in context: http://www.nabble.com/Broken-images-in-mails-tf2071676.html#a6014230
Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Animated images in mails
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Plenz wrote:
> Today I got animated spam. The first frame only with dots an lines, the
> second frame with spam text, the third frame again with dots and lines. The
> duration of the text frame is very long, the others are very short.
>
> Is there a command line utility which can extract animated GIFs?
Various... imagemagick can either extract them or put them into one
image, gifasm can split them into multiple files, etc.
FuzzyOcr utilizies both as needed to scan animated gifs.
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE8CCgJQIKXnJyDxURAtr1AJ4/6ONiWg3t5mQJVt9MUcNpYfY3YACfcXW/
xQ4dD6PpT9CW79pekPvfQQw=
=PU49
-----END PGP SIGNATURE-----
Re: Animated images in mails
Posted by Loren Wilton <lw...@earthlink.net>.
>> Sure. giftopnm will do it. The FuzzyOCR plugin is using some
>> other tool that will also do it, I don't recall what just at the
>> moment.
>>
> giftopnm wont do it as far as I tested it... it only extracts the
> first frame...
giftopnm -image={n|all}
Loren
Re: Animated images in mails
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Loren Wilton wrote:
> Sure. giftopnm will do it. The FuzzyOCR plugin is using some
> other tool that will also do it, I don't recall what just at the
> moment.
>
> Loren
>
giftopnm wont do it as far as I tested it... it only extracts the
first frame...
FuzzyOcr is using two different tests... for few frames, it simples
glues them to one frame using imagemagick,
for many frames, it picks the best and tests that..
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE8YQ9JQIKXnJyDxURAo+eAJ9Wk+gzU2jssvSYK+a8MfFtbiJJbgCgmrpi
4zx5qlGfVPqRqVxO/7HMFIY=
=Xu9s
-----END PGP SIGNATURE-----
Re: Animated images in mails
Posted by Loren Wilton <lw...@earthlink.net>.
Sure. giftopnm will do it. The FuzzyOCR plugin is using some other tool
that will also do it, I don't recall what just at the moment.
Loren
Re: Animated images in mails
Posted by Plenz <pa...@lenz-online.de>.
Today I got animated spam. The first frame only with dots an lines, the
second frame with spam text, the third frame again with dots and lines. The
duration of the text frame is very long, the others are very short.
Is there a command line utility which can extract animated GIFs?
--
View this message in context: http://www.nabble.com/Broken-images-in-mails-tf2071676.html#a5995071
Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Discourage broken content
Posted by jdow <jd...@earthlink.net>.
From: "Kris Deugau" <kd...@vianet.ca>
> John Andersen wrote:
>> Mailscanner
>
> ... or any other mail-handling software...
>
>> has no business changing content.
>
> ... unless you explicitly configure it to do so. (ATTN: AVG for
> Windows POP3/SMTP interface/hook authors, This Means You! Among others.)
Use POP3S. That is MUCH harder to place an AVG man in the middle
rewrite into.
{^_-}
Re: Discourage broken content
Posted by Kris Deugau <kd...@vianet.ca>.
John Andersen wrote:
> Mailscanner
... or any other mail-handling software...
> has no business changing content.
... unless you explicitly configure it to do so. (ATTN: AVG for
Windows POP3/SMTP interface/hook authors, This Means You! Among others.)
-kgd
Re: Discourage broken content
Posted by John Andersen <js...@pen.homeip.net>.
On Friday 25 August 2006 11:24, decoder wrote:
> I've heard that it truncates the mail at 30kb, no matter if that is
> within a MIME block or not... So my plugin gets a broken image..
> though it was not broken originally...
How better to get that fixed than to put them on notice, and
start tagging based on the mere fact that the image is broken.
Mailscanner has no business changing content.
--
_____________________________________
John Andersen
Re: Discourage broken content
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Tuesday, August 29, 2006 9:41 AM +0100 Anthony Peacock
<a....@chime.ucl.ac.uk> wrote:
> This issue is currently being discussed on the MailScanner users list,
> under the Subject "Max SpamAssassin Size problems".
Which can be found here:
<http://lists.mailscanner.info/pipermail/mailscanner/
2006-August/thread.html>
Re: Discourage broken content
Posted by Anthony Peacock <a....@chime.ucl.ac.uk>.
Rick Cooper wrote:
>
>> -----Original Message-----
>> From: decoder [mailto:decoder@own-hero.net]
>> Sent: Friday, August 25, 2006 4:23 PM
>> To: Rick Cooper
>> Cc: users@spamassassin.apache.org
>> Subject: Re: Discourage broken content
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Rick Cooper wrote:
>>>> -----Original Message----- From: decoder
>>>> [mailto:decoder@own-hero.net] Sent: Friday, August 25, 2006 2:24
>>>> PM To: users@spamassassin.apache.org Subject: Re: Discourage
>>>> broken content
>>>>
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> [...]
>>>> I've heard that it truncates the mail at 30kb, no matter if that
>>>> is within a MIME block or not... So my plugin gets a broken
>>>> image.. though it was not broken originally...
>>>>
>>> That is patently false. I have a graphics design/advertising
>>> department at one of my locations and these fellas send huge
>>> graphics files back and forth when they have emergency
>>> proofs/changes and MailScanner has *never* damaged anything, ever,
>>> anywhere. Now, there is a setting for scanning (much like exiscan
>>> IIRCC) that allows you to truncate the message and only scan xxx
>>> amount, it's optional and doesn't modify the actual message in
>>> anyway.
>>>
>>> Rick
>> I did not say it damages the mail. I said it feds only a given amount
>> of the message to SpamAssassin and THAT breaks plugins requiring the
>> whole message, especially when MailScanner breaks messages in the
>> middle of attachments.
>>
>> And as far as I know, it is the default setting of mailscanner to feed
>> only a given amount of kb to SpamAssassin. That does not mean it
>> truncates the message before delivering it.
>>
>
> My apologies, the way I interpreted the original I thought you were saying
> it truncates the email and breaks they message. I will bring this up on the
> Mailscanner list that the default, given the recent image spams, should be
> disabled so the entire message is sent to spam assassin. Before the current
> spat of image spam you could generally tell within 20k or so if a message
> was spam or not, this is not the case in today's world and the entire
> message really should be fed to SA. I have never used the default setting
> myself.
This issue is currently being discussed on the MailScanner users list,
under the Subject "Max SpamAssassin Size problems".
The size limit is configurable
(http://www.mailscanner.info/MailScanner.conf.5.html#SpamAssassin "Max
SpamAssassin Size), so people can raise the size limit or disable it to
get around this issue at the moment.
There is some concern about removing the limit completely, so the
current discussion is about a scheme that checks ahead for a Mime
boundary within a fixed window after the max size value is reached.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
RE: Discourage broken content
Posted by Rick Cooper <rc...@dwford.com>.
> -----Original Message-----
> From: decoder [mailto:decoder@own-hero.net]
> Sent: Friday, August 25, 2006 4:23 PM
> To: Rick Cooper
> Cc: users@spamassassin.apache.org
> Subject: Re: Discourage broken content
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rick Cooper wrote:
> >
> >> -----Original Message----- From: decoder
> >> [mailto:decoder@own-hero.net] Sent: Friday, August 25, 2006 2:24
> >> PM To: users@spamassassin.apache.org Subject: Re: Discourage
> >> broken content
> >>
> >>
> >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[...]
> >>
> >> I've heard that it truncates the mail at 30kb, no matter if that
> >> is within a MIME block or not... So my plugin gets a broken
> >> image.. though it was not broken originally...
> >>
> >
> > That is patently false. I have a graphics design/advertising
> > department at one of my locations and these fellas send huge
> > graphics files back and forth when they have emergency
> > proofs/changes and MailScanner has *never* damaged anything, ever,
> > anywhere. Now, there is a setting for scanning (much like exiscan
> > IIRCC) that allows you to truncate the message and only scan xxx
> > amount, it's optional and doesn't modify the actual message in
> > anyway.
> >
> > Rick
> I did not say it damages the mail. I said it feds only a given amount
> of the message to SpamAssassin and THAT breaks plugins requiring the
> whole message, especially when MailScanner breaks messages in the
> middle of attachments.
>
> And as far as I know, it is the default setting of mailscanner to feed
> only a given amount of kb to SpamAssassin. That does not mean it
> truncates the message before delivering it.
>
My apologies, the way I interpreted the original I thought you were saying
it truncates the email and breaks they message. I will bring this up on the
Mailscanner list that the default, given the recent image spams, should be
disabled so the entire message is sent to spam assassin. Before the current
spat of image spam you could generally tell within 20k or so if a message
was spam or not, this is not the case in today's world and the entire
message really should be fed to SA. I have never used the default setting
myself.
Rick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Discourage broken content
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rick Cooper wrote:
>
>> -----Original Message----- From: decoder
>> [mailto:decoder@own-hero.net] Sent: Friday, August 25, 2006 2:24
>> PM To: users@spamassassin.apache.org Subject: Re: Discourage
>> broken content
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> Kenneth Porter wrote:
>>> --On Friday, August 25, 2006 12:05 AM -0700 Plenz
>>> <pa...@lenz-online.de> wrote:
>>>
>>>> I disagree. To check out what happens I converted a JPG
>>>> picture into a GIF file and sent it to myself. One time I
>>>> converted it with IrfanView and the second time with
>>>> PaintShop Pro. Both GIF files had the result "giftopnm: EOF
>>>> or error reading data portion..." So I produced a corrupt (?)
>>>> image, but it was not spam.
>>> I think we should discourage all broken content in email and on
>>> the web.
>>>
>>> At one time we could assume that broken content was an honest
>>> mistake and make an attempt at fixing it. But with the rise of
>>> malicious content attempting to exploit bugs in content
>>> handlers (like overruns in image libraries), we should simply
>>> reject anything that fails to pass validation, on the
>>> assumption that's it out to get us.
>>>
>>> This includes not just broken images but also broken HTML,
>>> which is so commonly used to conceal spam.
>>>
>>> We need to stop giving a free pass to broken content creation
>>> software just because it's popular. When someone sends you
>>> broken content, you should react the same way you would if they
>>> sent you documents on dirt-smeared paper. Stop letting your
>>> emperor walk around naked.
>> I completely agree, the problem is, some implementations makes
>> this impossible. For example MailScanner.
>>
>> I've heard that it truncates the mail at 30kb, no matter if that
>> is within a MIME block or not... So my plugin gets a broken
>> image.. though it was not broken originally...
>>
>
> That is patently false. I have a graphics design/advertising
> department at one of my locations and these fellas send huge
> graphics files back and forth when they have emergency
> proofs/changes and MailScanner has *never* damaged anything, ever,
> anywhere. Now, there is a setting for scanning (much like exiscan
> IIRCC) that allows you to truncate the message and only scan xxx
> amount, it's optional and doesn't modify the actual message in
> anyway.
>
> Rick
I did not say it damages the mail. I said it feds only a given amount
of the message to SpamAssassin and THAT breaks plugins requiring the
whole message, especially when MailScanner breaks messages in the
middle of attachments.
And as far as I know, it is the default setting of mailscanner to feed
only a given amount of kb to SpamAssassin. That does not mean it
truncates the message before delivering it.
Chris
>
>
> -- This message has been scanned for viruses and dangerous content
> by MailScanner, and is believed to be clean.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE71wLJQIKXnJyDxURAtxUAJ9/O5F4cC/1vlsE6EsRb6vLcepH+ACfcTCA
x4CmnLDyZbUFtAr2kWK9koY=
=Ckpc
-----END PGP SIGNATURE-----
RE: Discourage broken content
Posted by Rick Cooper <rc...@dwford.com>.
> -----Original Message-----
> From: John Andersen [mailto:jsa@pen.homeip.net]
> Sent: Friday, August 25, 2006 4:20 PM
> To: users@spamassassin.apache.org
> Subject: Re: Discourage broken content
>
>
> On Friday 25 August 2006 12:10, Rick Cooper wrote:
> > That is patently false. I have a graphics design/advertising
> department at
> > one of my locations and these fellas send huge graphics files back and
> > forth when they have emergency proofs/changes and MailScanner
> has *never*
> > damaged anything, ever, anywhere. Now, there is a setting for scanning
> > (much like exiscan IIRCC) that allows you to truncate the
> message and only
> > scan xxx amount, it's optional and doesn't modify the actual message in
> > anyway.
>
> Yes, Rick, that is correct, but the situation under discussion is that
> mailscanner passes a partial file to the spamassassin proceess,
> which in turn
> passes that partial file to the image analysis plugins, which
> decide that the
> image is broken.
>
> Upon being passed by spamassassin, the entire, unchanged mail is sent
> on its way intact by mailscanner.
> Amavis-New does something similar. Shreds mail into
> pieces, launches scanners on the pieces.
>
> The problem is that the spam scanner (and presumably virus
> scanner) plugins
> are being handed partial files. Not a good practice in my view.
>
I misunderstood what decoder was saying. And no, MailScanner doesn't give
the virus scanners partial messages. In fact it goes to great pains to
completely unpack all attachments (including tnef) and sanitize the file
names, etc. The option to give partial messages to SA is due in part to the
historical lack of need to hand a large message to SA to determine ham/spam
and there are/were vulnerabilities in the tnef processing that could be
exploited by very large tnef attachments. Mailscanner currently handles tnef
in a way I doubt there would be a problem and can in fact (optionally)
decode tnef attachments and recreate them as standard attachments that any
mail client can handle. In any event I plan to bring this up on the
MailScanner list and suggest the default behavior should no longer be
handing only a part of the message to SA.
Rick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Discourage broken content
Posted by John Andersen <js...@pen.homeip.net>.
On Friday 25 August 2006 12:10, Rick Cooper wrote:
> That is patently false. I have a graphics design/advertising department at
> one of my locations and these fellas send huge graphics files back and
> forth when they have emergency proofs/changes and MailScanner has *never*
> damaged anything, ever, anywhere. Now, there is a setting for scanning
> (much like exiscan IIRCC) that allows you to truncate the message and only
> scan xxx amount, it's optional and doesn't modify the actual message in
> anyway.
Yes, Rick, that is correct, but the situation under discussion is that
mailscanner passes a partial file to the spamassassin proceess, which in turn
passes that partial file to the image analysis plugins, which decide that the
image is broken.
Upon being passed by spamassassin, the entire, unchanged mail is sent
on its way intact by mailscanner.
Amavis-New does something similar. Shreds mail into
pieces, launches scanners on the pieces.
The problem is that the spam scanner (and presumably virus scanner) plugins
are being handed partial files. Not a good practice in my view.
--
_____________________________________
John Andersen
RE: Discourage broken content
Posted by Rick Cooper <rc...@dwford.com>.
> -----Original Message-----
> From: decoder [mailto:decoder@own-hero.net]
> Sent: Friday, August 25, 2006 2:24 PM
> To: users@spamassassin.apache.org
> Subject: Re: Discourage broken content
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Kenneth Porter wrote:
> > --On Friday, August 25, 2006 12:05 AM -0700 Plenz
> > <pa...@lenz-online.de> wrote:
> >
> >> I disagree. To check out what happens I converted a JPG picture
> >> into a GIF
> >> file
> >> and sent it to myself. One time I converted it with IrfanView and the
> >> second time with PaintShop Pro. Both GIF files had the result
> >> "giftopnm: EOF or error reading data portion..." So I produced a
> >> corrupt
> >> (?) image, but it was not spam.
> >
> > I think we should discourage all broken content in email and on the
> > web.
> >
> > At one time we could assume that broken content was an honest
> > mistake and make an attempt at fixing it. But with the rise of
> > malicious content attempting to exploit bugs in content handlers
> > (like overruns in image libraries), we should simply reject anything
> > that fails to pass validation, on the assumption that's it out to
> > get us.
> >
> > This includes not just broken images but also broken HTML, which is
> > so commonly used to conceal spam.
> >
> > We need to stop giving a free pass to broken content creation
> > software just because it's popular. When someone sends you broken
> > content, you should react the same way you would if they sent you
> > documents on dirt-smeared paper. Stop letting your emperor walk
> > around naked.
>
> I completely agree, the problem is, some implementations makes this
> impossible. For example MailScanner.
>
> I've heard that it truncates the mail at 30kb, no matter if that is
> within a MIME block or not... So my plugin gets a broken image..
> though it was not broken originally...
>
That is patently false. I have a graphics design/advertising department at
one of my locations and these fellas send huge graphics files back and forth
when they have emergency proofs/changes and MailScanner has *never* damaged
anything, ever, anywhere. Now, there is a setting for scanning (much like
exiscan IIRCC) that allows you to truncate the message and only scan xxx
amount, it's optional and doesn't modify the actual message in anyway.
Rick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Discourage broken content
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Logan Shaw wrote:
> On Fri, 25 Aug 2006, enediel gonzalez wrote:
>>> From: decoder <de...@own-hero.net> Kenneth Porter wrote:
>
>>> I completely agree, the problem is, some implementations makes
>>> this impossible. For example MailScanner.
>>>
>>> I've heard that it truncates the mail at 30kb, no matter if
>>> that is within a MIME block or not... So my plugin gets a
>>> broken image.. though it was not broken originally...
>
> Yes, if you leave the default "Max SpamAssassin Size = 30000"
> setting in place, it will do this.
>
>> Could somebody explain to me the reason why MailScanner acts this
>> way?
>
> Performance. The theory, I think, is that if a message is spam,
> there should be some evidence of that in the first 30000 bytes, so
> there is no need to pass the whole message to SpamAssassin.
>
> I think this was a good assumption and a good plan when
> SpamAssassin didn't check a lot of attachments. Now that there are
> plugins which do check attachments, leaving the MIME structure of
> the message intact is more important, but MailScanner hasn't caught
> up with this reality.
I heard that a proposal on letting the MIME structure intact has been
made... so at least if the message was truncated, it wouldn't be
truncated in the middle of an attachment (which would make absolutely
no sense, either you truncate before or after the attachment, a broken
attachment doesnt help anyone and will only cause unnecessary errors)
Chris
>
> Of course, you can always just remove the limitation by changing
> the MailScanner configuration file.
>
>> A good question could be decide if you adapt this plugin to be
>> compatible with MailScanner or tha last one should change this
>> practice.
>
> MailScanner calls SpamAssassin, so no adaptation needed in most
> cases. Unless you are talking about workarounds for issues like
> the above.
>
> - Logan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE71X+JQIKXnJyDxURAnGdAKC2aHFPzyX8lFhhsoSsrIgl+ci6QgCeJO4q
58fKQR01gJE0I/0P2Zpdprw=
=MU3c
-----END PGP SIGNATURE-----
Re: Discourage broken content
Posted by Logan Shaw <ls...@emitinc.com>.
On Fri, 25 Aug 2006, enediel gonzalez wrote:
>> From: decoder <de...@own-hero.net>
>> Kenneth Porter wrote:
>> I completely agree, the problem is, some implementations makes this
>> impossible. For example MailScanner.
>>
>> I've heard that it truncates the mail at 30kb, no matter if that is
>> within a MIME block or not... So my plugin gets a broken image..
>> though it was not broken originally...
Yes, if you leave the default "Max SpamAssassin Size = 30000"
setting in place, it will do this.
> Could somebody explain to me the reason why MailScanner acts this way?
Performance. The theory, I think, is that if a message is spam,
there should be some evidence of that in the first 30000 bytes,
so there is no need to pass the whole message to SpamAssassin.
I think this was a good assumption and a good plan when
SpamAssassin didn't check a lot of attachments. Now that
there are plugins which do check attachments, leaving the
MIME structure of the message intact is more important, but
MailScanner hasn't caught up with this reality.
Of course, you can always just remove the limitation by changing
the MailScanner configuration file.
> A good question could be decide if you adapt this plugin to be compatible
> with MailScanner or tha last one should change this practice.
MailScanner calls SpamAssassin, so no adaptation needed in
most cases. Unless you are talking about workarounds for
issues like the above.
- Logan
Re: Discourage broken content
Posted by enediel gonzalez <en...@hotmail.com>.
>From: decoder <de...@own-hero.net>
>To: users@spamassassin.apache.org
>Subject: Re: Discourage broken content
>Date: Fri, 25 Aug 2006 21:24:14 +0200
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Kenneth Porter wrote:
> > --On Friday, August 25, 2006 12:05 AM -0700 Plenz
> > <pa...@lenz-online.de> wrote:
> >
> >> I disagree. To check out what happens I converted a JPG picture
> >> into a GIF
> >> file
> >> and sent it to myself. One time I converted it with IrfanView and the
> >> second time with PaintShop Pro. Both GIF files had the result
> >> "giftopnm: EOF or error reading data portion..." So I produced a
> >> corrupt
> >> (?) image, but it was not spam.
> >
> > I think we should discourage all broken content in email and on the
> > web.
> >
> > At one time we could assume that broken content was an honest
> > mistake and make an attempt at fixing it. But with the rise of
> > malicious content attempting to exploit bugs in content handlers
> > (like overruns in image libraries), we should simply reject anything
> > that fails to pass validation, on the assumption that's it out to
> > get us.
> >
> > This includes not just broken images but also broken HTML, which is
> > so commonly used to conceal spam.
> >
> > We need to stop giving a free pass to broken content creation
> > software just because it's popular. When someone sends you broken
> > content, you should react the same way you would if they sent you
> > documents on dirt-smeared paper. Stop letting your emperor walk
> > around naked.
>
>I completely agree, the problem is, some implementations makes this
>impossible. For example MailScanner.
>
>I've heard that it truncates the mail at 30kb, no matter if that is
>within a MIME block or not... So my plugin gets a broken image..
>though it was not broken originally...
>
>Chris
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.5 (GNU/Linux)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQFE705eJQIKXnJyDxURAiGZAJ4q2f5KIxWjrYN3U6vB4kFhLbZ2igCfVM1l
>n13w21PXoSH7IethDVc3uio=
>=IWPe
>-----END PGP SIGNATURE-----
>
Could somebody explain to me the reason why MailScanner acts this way?
A good question could be decide if you adapt this plugin to be compatible
with MailScanner or tha last one should change this practice.
IMHO, any kind of information included into an email could be revised but
shouldn't be transformed.
greetings
Enediel
Re: Discourage broken content
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kenneth Porter wrote:
> --On Friday, August 25, 2006 12:05 AM -0700 Plenz
> <pa...@lenz-online.de> wrote:
>
>> I disagree. To check out what happens I converted a JPG picture
>> into a GIF
>> file
>> and sent it to myself. One time I converted it with IrfanView and the
>> second time with PaintShop Pro. Both GIF files had the result
>> "giftopnm: EOF or error reading data portion..." So I produced a
>> corrupt
>> (?) image, but it was not spam.
>
> I think we should discourage all broken content in email and on the
> web.
>
> At one time we could assume that broken content was an honest
> mistake and make an attempt at fixing it. But with the rise of
> malicious content attempting to exploit bugs in content handlers
> (like overruns in image libraries), we should simply reject anything
> that fails to pass validation, on the assumption that's it out to
> get us.
>
> This includes not just broken images but also broken HTML, which is
> so commonly used to conceal spam.
>
> We need to stop giving a free pass to broken content creation
> software just because it's popular. When someone sends you broken
> content, you should react the same way you would if they sent you
> documents on dirt-smeared paper. Stop letting your emperor walk
> around naked.
I completely agree, the problem is, some implementations makes this
impossible. For example MailScanner.
I've heard that it truncates the mail at 30kb, no matter if that is
within a MIME block or not... So my plugin gets a broken image..
though it was not broken originally...
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE705eJQIKXnJyDxURAiGZAJ4q2f5KIxWjrYN3U6vB4kFhLbZ2igCfVM1l
n13w21PXoSH7IethDVc3uio=
=IWPe
-----END PGP SIGNATURE-----
Re: Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
Posted by "George R. Kasica" <ge...@netwrx1.com>.
>>> I think we should discourage all broken content in email and on the
>>> web.
>>>
>>> At one time we could assume that broken content was an honest
>>> mistake and make an attempt at fixing it. But with the rise of
>>> malicious content attempting to exploit bugs in content handlers
>>> (like overruns in image libraries), we should simply reject
>>> anything that fails to pass validation, on the assumption that's it
>>> out to get us.
>>>
>>> This includes not just broken images but also broken HTML, which is
>>> so commonly used to conceal spam.
>>>
>>> We need to stop giving a free pass to broken content creation
>>> software just because it's popular. When someone sends you broken
>>> content, you should react the same way you would if they sent you
>>> documents on dirt-smeared paper. Stop letting your emperor walk
>>> around naked.
>>
>> I would, and do, go even further and discourage broken Server/DNS
>> configurations.
>>
>> I've downright had it with all this crap hitting my server.
>>
>> I'm now doing checks right at the MTA and if the sending server fails
>> any hostname, HELO, domain name, SPF etc., checks they don't even get
>> to my content filters. The biggest thing we have in our favour is
>> that the spambots are mostly broken or running on machines that will
>> fail most of these checks.
>>
>> For legitimate email, I send an message to the admins responsible for
>> the broken configs with my log entries explaining why their email was
>> blocked. It's up to them to fix it if they want to send email my way.
>>
>> I know this isn't practical in an environment where you're
>> administering hundreds or thousands of accounts, and I feel your
>> pain, but I think it's time we encouraged proper and correct server
>> and DNS configurations so we can use all the tools at our disposal to
>> our advantage.
>
>I am with you right up until the moment my head says, "Who defines
>proper content?" Then I come back to "email format rwars" and say
>"Fahgeddit."
>
>One man's cilantro spice is another man's intolerable bitterness.
>Do we try to force the bitterness on the other man or do we try to
>accommodate? "Who gets to define how much we must tolerate?" It's
>purely an rwar issue when you apply this to formatting wars. It is
>best to do what YOU will and not get evangelistic about it. If you
>do characters like me get contrary.
>
>{^_^} Joanne, The Stubborn
A great and a wonderful idea until you have users paying you for
e-mail service and you start bouncing their mails because someone or
some program has a bug in it that they have no control over and they
lose that email from their employer, client or whatever and I can
assure you that they will find another provider right quick.
===[George R. Kasica]=== +1 262 677 0766
President +1 206 374 6482 FAX
Netwrx Consulting Inc. Jackson, WI USA
http://www.netwrx1.com
georgek@netwrx1.com
ICQ #12862186
Re: Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
Posted by jdow <jd...@earthlink.net>.
From: "Gino Cerullo" <gc...@pixelpointstudios.com>
> On 25-Aug-06, at 3:20 PM, Kenneth Porter wrote:
>
>> --On Friday, August 25, 2006 12:05 AM -0700 Plenz <paul@lenz-
>> online.de> wrote:
>>
>>> I disagree. To check out what happens I converted a JPG picture
>>> into a GIF
>>> file
>>> and sent it to myself. One time I converted it with IrfanView and the
>>> second time with PaintShop Pro. Both GIF files had the result
>>> "giftopnm: EOF or error reading data portion..." So I produced a
>>> corrupt
>>> (?) image, but it was not spam.
>>
>> I think we should discourage all broken content in email and on the
>> web.
>>
>> At one time we could assume that broken content was an honest
>> mistake and make an attempt at fixing it. But with the rise of
>> malicious content attempting to exploit bugs in content handlers
>> (like overruns in image libraries), we should simply reject
>> anything that fails to pass validation, on the assumption that's it
>> out to get us.
>>
>> This includes not just broken images but also broken HTML, which is
>> so commonly used to conceal spam.
>>
>> We need to stop giving a free pass to broken content creation
>> software just because it's popular. When someone sends you broken
>> content, you should react the same way you would if they sent you
>> documents on dirt-smeared paper. Stop letting your emperor walk
>> around naked.
>
> I would, and do, go even further and discourage broken Server/DNS
> configurations.
>
> I've downright had it with all this crap hitting my server.
>
> I'm now doing checks right at the MTA and if the sending server fails
> any hostname, HELO, domain name, SPF etc., checks they don't even get
> to my content filters. The biggest thing we have in our favour is
> that the spambots are mostly broken or running on machines that will
> fail most of these checks.
>
> For legitimate email, I send an message to the admins responsible for
> the broken configs with my log entries explaining why their email was
> blocked. It's up to them to fix it if they want to send email my way.
>
> I know this isn't practical in an environment where you're
> administering hundreds or thousands of accounts, and I feel your
> pain, but I think it's time we encouraged proper and correct server
> and DNS configurations so we can use all the tools at our disposal to
> our advantage.
I am with you right up until the moment my head says, "Who defines
proper content?" Then I come back to "email format rwars" and say
"Fahgeddit."
One man's cilantro spice is another man's intolerable bitterness.
Do we try to force the bitterness on the other man or do we try to
accommodate? "Who gets to define how much we must tolerate?" It's
purely an rwar issue when you apply this to formatting wars. It is
best to do what YOU will and not get evangelistic about it. If you
do characters like me get contrary.
{^_^} Joanne, The Stubborn
Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
Posted by Gino Cerullo <gc...@pixelpointstudios.com>.
On 25-Aug-06, at 3:20 PM, Kenneth Porter wrote:
> --On Friday, August 25, 2006 12:05 AM -0700 Plenz <paul@lenz-
> online.de> wrote:
>
>> I disagree. To check out what happens I converted a JPG picture
>> into a GIF
>> file
>> and sent it to myself. One time I converted it with IrfanView and the
>> second time with PaintShop Pro. Both GIF files had the result
>> "giftopnm: EOF or error reading data portion..." So I produced a
>> corrupt
>> (?) image, but it was not spam.
>
> I think we should discourage all broken content in email and on the
> web.
>
> At one time we could assume that broken content was an honest
> mistake and make an attempt at fixing it. But with the rise of
> malicious content attempting to exploit bugs in content handlers
> (like overruns in image libraries), we should simply reject
> anything that fails to pass validation, on the assumption that's it
> out to get us.
>
> This includes not just broken images but also broken HTML, which is
> so commonly used to conceal spam.
>
> We need to stop giving a free pass to broken content creation
> software just because it's popular. When someone sends you broken
> content, you should react the same way you would if they sent you
> documents on dirt-smeared paper. Stop letting your emperor walk
> around naked.
I would, and do, go even further and discourage broken Server/DNS
configurations.
I've downright had it with all this crap hitting my server.
I'm now doing checks right at the MTA and if the sending server fails
any hostname, HELO, domain name, SPF etc., checks they don't even get
to my content filters. The biggest thing we have in our favour is
that the spambots are mostly broken or running on machines that will
fail most of these checks.
For legitimate email, I send an message to the admins responsible for
the broken configs with my log entries explaining why their email was
blocked. It's up to them to fix it if they want to send email my way.
I know this isn't practical in an environment where you're
administering hundreds or thousands of accounts, and I feel your
pain, but I think it's time we encouraged proper and correct server
and DNS configurations so we can use all the tools at our disposal to
our advantage.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
416-247-7740
Discourage broken content (was: Broken images in mails)
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Friday, August 25, 2006 12:05 AM -0700 Plenz <pa...@lenz-online.de>
wrote:
> I disagree. To check out what happens I converted a JPG picture into a GIF
> file
> and sent it to myself. One time I converted it with IrfanView and the
> second time with PaintShop Pro. Both GIF files had the result
> "giftopnm: EOF or error reading data portion..." So I produced a corrupt
> (?) image, but it was not spam.
I think we should discourage all broken content in email and on the web.
At one time we could assume that broken content was an honest mistake and
make an attempt at fixing it. But with the rise of malicious content
attempting to exploit bugs in content handlers (like overruns in image
libraries), we should simply reject anything that fails to pass validation,
on the assumption that's it out to get us.
This includes not just broken images but also broken HTML, which is so
commonly used to conceal spam.
We need to stop giving a free pass to broken content creation software just
because it's popular. When someone sends you broken content, you should
react the same way you would if they sent you documents on dirt-smeared
paper. Stop letting your emperor walk around naked.
Re: Broken images in mails
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Plenz wrote:
>> Adding a point for corrupted images is sounding better and better.
>
> I disagree. To check out what happens I converted a JPG picture into a GIF
> file
> and sent it to myself. One time I converted it with IrfanView and the
second
> time with PaintShop Pro. Both GIF files had the result
> "giftopnm: EOF or error reading data portion..." So I produced a
corrupt (?)
> image, but it was not spam.
>
> I have no idea what is wrong and how it could be fixed. Only this: a GIF
> file
> seems to be divided into several blocks. Perhaps one block (perhaps the
last
> block) is too short and does not match to its block header (if any
exists?).
> Perhaps it is possible to read out the correct block length from a header
> and fill the block with 00h to get a valid GIF file.
>
> Ah... I just found that there is a program named GIFFIX. I should try it
> out.
>
FuzzyOcr will try to invoke Giffix if an image is broken. If giffix
does not completely fail, then it will only give a low score for the
picture being corrupted. If it isn't able to fix the image at all,
then it will give a higher score.
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE7sVkJQIKXnJyDxURAv29AJ9i/LjlLx1me4TZiwRrSuD0KasBYQCfagl2
95Nt5kXjo3v+WO7i2jngnCk=
=XN3X
-----END PGP SIGNATURE-----
Re: Broken images in mails
Posted by Plenz <pa...@lenz-online.de>.
> Adding a point for corrupted images is sounding better and better.
I disagree. To check out what happens I converted a JPG picture into a GIF
file
and sent it to myself. One time I converted it with IrfanView and the second
time with PaintShop Pro. Both GIF files had the result
"giftopnm: EOF or error reading data portion..." So I produced a corrupt (?)
image, but it was not spam.
I have no idea what is wrong and how it could be fixed. Only this: a GIF
file
seems to be divided into several blocks. Perhaps one block (perhaps the last
block) is too short and does not match to its block header (if any exists?).
Perhaps it is possible to read out the correct block length from a header
and fill the block with 00h to get a valid GIF file.
Ah... I just found that there is a program named GIFFIX. I should try it
out.
--
View this message in context: http://www.nabble.com/Broken-images-in-mails-tf2071676.html#a5978451
Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Broken images in mails
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Wednesday, August 09, 2006 12:18 AM +0200 decoder
<de...@own-hero.net> wrote:
> I am also thinking about scanning all attachments, no matter if the
> content type specifies image or not (in the current version 2.0, only
> attachments that have image in their content type are scanned with
> format auto-detection) because for example outlook always displays the
> image, no matter if the content type is what/ever or image/blah... :(
Do any legitimate senders do this? Perhaps we can throw extra points at
misleading content types.
Re: Broken images in mails
Posted by "John D. Hardin" <jh...@impsec.org>.
On Wed, 9 Aug 2006, decoder wrote:
> John D. Hardin wrote:
> >
> > Adding a point for corrupted images is sounding better and better.
>
> Definetly a good idea... I will try to add this feature in the next
> release of FuzzyOcr (v.2.1) then.
I'd suggest a better place would be the imageinfo plugin -
corrupt/clean has little to do with whether or not the image contains
text, and what that text is.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If someone has a gun and is trying to kill you, it would be
reasonable to shoot back with your own gun.
-- the Dalai Lama, May 15, 2001
-----------------------------------------------------------------------
Re: Broken images in mails
Posted by decoder <de...@own-hero.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John D. Hardin wrote:
> On Tue, 8 Aug 2006, John Andersen wrote:
>> Are you sure its perfect? I've seem many of these where they are
>> intentionally corrupting the last portion (bottom edge) of the
>> image so as to avoid simple size or hashing techniques.
>>
>> The ones I saw were the same image visually, but the bottom edge
>> was intentionally corrupted beginning at different offsets.
>
> Adding a point for corrupted images is sounding better and better.
>
Definetly a good idea... I will try to add this feature in the next
release of FuzzyOcr (v.2.1) then.
I am also thinking about scanning all attachments, no matter if the
content type specifies image or not (in the current version 2.0, only
attachments that have image in their content type are scanned with
format auto-detection) because for example outlook always displays the
image, no matter if the content type is what/ever or image/blah... :(
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE2Q2dJQIKXnJyDxURAu7kAKDJLt19AywH0aZSbHNRKpLYvgtpCgCfWG+8
EhKhLMk12XQ8cC8vOJy6FY0=
=/GO+
-----END PGP SIGNATURE-----
Re: Broken images in mails
Posted by "John D. Hardin" <jh...@impsec.org>.
On Tue, 8 Aug 2006, John Andersen wrote:
>
> Are you sure its perfect? I've seem many of these where
> they are intentionally corrupting the last portion (bottom edge)
> of the image so as to avoid simple size or hashing techniques.
>
> The ones I saw were the same image visually, but the bottom
> edge was intentionally corrupted beginning at different offsets.
Adding a point for corrupted images is sounding better and better.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If someone has a gun and is trying to kill you, it would be
reasonable to shoot back with your own gun.
-- the Dalai Lama, May 15, 2001
-----------------------------------------------------------------------
Re: Broken images in mails
Posted by John Andersen <js...@pen.homeip.net>.
On Tuesday 08 August 2006 01:51, decoder wrote:
> But I can view it perfectly. Does anyone know what this could be
> caused by and a tool which can reliably convert these to pnm?
>
> Another question that I would have in mind is, if that was intended to
> happen...
>
> Best regards
>
> Chris
Are you sure its perfect? I've seem many of these where
they are intentionally corrupting the last portion (bottom edge)
of the image so as to avoid simple size or hashing techniques.
The ones I saw were the same image visually, but the bottom
edge was intentionally corrupted beginning at different offsets.
--
_____________________________________
John Andersen