The Malformed MIME Dilemma

The company that I work for has an anti-virus gateway. The anti-virus gateway is a server which is positioned between our internal email servers and the outside world. It filters out SPAM emails and viruses while it allows legitimate emails to pass through it to the internal email servers so that they can be delivered to their intended recipients. If the anti-virus gateway cannot fully scan an email for viruses, it filters the email out and often cites “malformed_MIME” as the cause.

Obviously, it’s this guy’s fault.

MIME stands for Multipurpose Internet Mail Extensions. MIME is used to describe information about the content of an email and how it is formatted. There are standards that determine how a MIME email should be composed. One of these standards is RFC 5322 (formerly RFC 822 and RFC 2822). When an email is created in a fashion that doesn’t comply with RFC 5322, anti-virus software is often unable to effectively scan the entire email for viruses.

The company that I work for receives emails from hundreds of vendors each week. Some of those vendors use custom or specialty software to automatically create emails. The vendor’s email software may not create emails in a way that conforms to RFC 5322. When this happens, the email gets filtered out by my company’s anti-virus gateway and business is hampered.
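As an added illustration (not code from the original post or from any gateway product), the sketch below uses Python's standard email parser, which records structural problems as "defects", to show the kind of check that leads a gateway to hold a message it cannot fully interpret. The sample messages, addresses and the `mime_defects` and `verdict` names are constructed for this example.

```python
import email
from email import policy

def mime_defects(raw):
    """Return (content type, defect name) for every problem the parser recorded."""
    # policy.default records defects on each part instead of raising, so one
    # broken part does not hide problems in the parts that follow it.
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if not part.is_multipart():
            # A scanner has to decode a body before it can inspect it;
            # decoding also records transfer-encoding defects on the part.
            part.get_payload(decode=True)
        found.extend((part.get_content_type(), type(d).__name__)
                     for d in part.defects)
    return found

def verdict(raw):
    """Fail closed: hold any message the parser could not fully interpret."""
    return "quarantine" if mime_defects(raw) else "deliver to scanner"

# Constructed sample messages (addresses and contents are made up).
HEAD = ("From: billing@vendor.example\nTo: ap@company.example\n"
        "Subject: Invoice\nMIME-Version: 1.0\n")
MULTI = 'Content-Type: multipart/mixed; boundary="b1"\n\n'
TEXT = "--b1\nContent-Type: text/plain\n\nInvoice attached.\n"
SAMPLES = {
    "well-formed": HEAD + MULTI + TEXT + "--b1--\n",
    "no boundary parameter": HEAD + "Content-Type: multipart/mixed\n\n" + TEXT + "--b1--\n",
    "missing closing boundary": HEAD + MULTI + TEXT,
    "truncated base64": HEAD + MULTI + TEXT + "--b1\nContent-Type: application/pdf\n"
        "Content-Transfer-Encoding: base64\n\naGVsbG8\n--b1--\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        raw = text.encode("ascii")
        print(f"{label}: {verdict(raw)} {mime_defects(raw)}")
```

A vendor can run the same check against a message saved from their own software to see which part the parser objects to before sending it on.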

Some companies in this situation have decided to allow unscannable emails with malformed MIME types to be delivered normally. This behavior is risky, as the bad guys have found ways to use emails with malformed MIME types to crash email servers and hide viruses in emails so that anti-virus software has a hard time detecting them. It is also common for SPAM to have malformed MIME types. By not blocking emails with malformed MIME types, these companies may be delivering more SPAM to their users as well.

At this time, my organization is still blocking unscannable emails. We are also working with vendors who send us emails with malformed MIME types when they request information to investigate the matter further.

Has this ever been a concern for your organization? What do you think about this issue? Participate in the poll and post a comment!
