DCC headers vs. Symmantec antivirus conflict

Vernon Schryver vjs@calcite.rhyolite.com
Mon Dec 8 16:07:56 UTC 2003

> From: Arpi <arpi@thot.banki.hu>
> To: dcc@rhyolite.com

> We've recently got many bounced messages from sites running the
> symmantec antivirus gateway. The error messages were about MIME
> header parsing error. ...

> If i replace the dots by dash (X-DCC-x-mailer.co.uk-Metrics: ->
> X-DCC-x-mailer-co-uk-Metrics:) then it works fine!
> So i think that using dots in mime header names is invalid by
> (some) RFC, so some paranoid scanners/gateways catch it?
> The real question is how to solve the problem.
> Either DCC servers should be forced not to use dots in name,
> or the dcc-proc client should be fixed to replace dots by
> some valid characters.

> ...
> please Cc: me, i'm not subscribed to this list. Thanks.

Thank you for diagnosing and reporting the problem.

Page 7 of RFC 2822 includes:

] 2.2. Header Fields
]  Header fields are lines composed of a field name, followed by a colon
]  (":"), followed by a field body, and terminated by CRLF.  A field
]  name MUST be composed of printable US-ASCII characters (i.e.,
]  characters that have values between 33 and 126, inclusive), except
]  colon. ...

Page 29 includes:

] 3.6.8. Optional fields
]  Fields may appear in messages that are otherwise unspecified in this
]  standard.  They MUST conform to the syntax of an optional-field.
]  This is a field name, made up of the printable US-ASCII characters
]  except SP and colon, followed by a colon, followed by any text which
]  conforms to unstructured.

I see no relevant restrictions on "user-defined-fields" in RFC 822
or changes noted in Appendix B of RFC 2822.

There is only so much that can be done for junk software.  It does
not seem appropriate to do as you say and "force" people providing
a free service to choose some other "brand" for their DCC servers.
My suggestion is to tell your correspondents to not use software
that does not comply with the relevant standards.  Getting the
definition of SMTP header field names wrong may not be a major
error, but it is suggestive.  Commercial mail virus scanners do not
have historically high reputations.

Vernon Schryver    vjs@rhyolite.com

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.