Sandstorm - Clean email sent, but contents (headers/body) mixed up

Question

Soft Release 9.400-9

Have turned on Sandstorm for Email, and just received one that had been classified as Clean. Unfortunately the received email had lots of the headers appearing in the body section, and the files were shown as text in the email, rather than as attachments:

Return-Path: <accounts@iinet.net.au>

Delivered-To: me@bordo.com.au

Received: from astaro1.bordo.com.au (localhost [127.0.0.1])

by mail.bordo.com.au (Postfix) with ESMTPS id 1EF216CE99B5

for <me@bordo.com.au>; Fri, 8 Apr 2016 11:22:11 +1000 (EST)

Received: from unknown ([192.168.1.2] helo=astaro1.bordo.com.au) by

mail.bordo.com.au with SMTP (2.5.2); 8 Apr 2016 11:22:10 +1000

Received: from staff.icp-osb-irony-out6.external.iinet.net.au ([203.217.4.222]:53490)

by astaro1.bordo.com.au with esmtp (Exim 4.82_1-5b7a7c0-XX)

(envelope-from <accounts@iinet.net.au>)

id 1aoL5W-00036t-31

for me@bordo.com.au; Fri, 08 Apr 2016 11:20:00 +1000

X-IronPort-AV: E=Sophos;i="5.24,449,1454947200";

d="pdf'?jpg'145?png'145,150?scan'145,150,208,217,150,145";a="230647846"

Received: from unknown (HELO IEP-OSB-EGAMSG1) ([203.173.51.128])

by icp-osb-irony-out6.iinet.net.au with ESMTP; 08 Apr 2016 09:19:48 +0800

Date: Fri, 8 Apr 2016 09:19:48 +0800 (WST)

From: iiNet Billing Team <accounts@iinet.net.au>

Reply-To: accounts@iinet.net.au

To: me@bordo.com.au

CC:

Message-ID: <me@bordo.com.au.20160408091948.15582C5AD5A75443A821F709D7D5F039>

Subject: iiNet Invoice: #77038926

Errors-To: accounts@iinet.net.au

X-Mailer: PBBI e-Messaging Solution

X-Priority: HIGH

Charset: UTF-8

x-references: me@bordo.com.au.20160408091948.15582C5AD5A75443A821F709D7D5F039

--- Sandbox result ---

2efed5f8-e490-4c34-80c0-bdf3a1a61e4b invoice_77038926.pdf

--- Sandbox result end ---

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_Part_2068942_178508621.1460078388674"

X-Assp-ID: mail.bordo.com.au id-78530-11079

X-Assp-Session: 7F849D967740 (mail 1)

X-Assp-OIP: 203.217.4.222

X-Assp-Detected-RIP: 203.173.51.128

X-Assp-Source-IP: 203.173.51.128

X-Assp-Envelope-From: accounts@iinet.net.au

X-Assp-Intended-For: me@bordo.com.au

X-Assp-Version: 2.5.2(16097) on mail.bordo.com.au

X-Assp-Server-TLS: yes

X-Assp-Whitelisted: Yes (whitelistdb)

------=_Part_2068942_178508621.1460078388674

Content-Type: multipart/related;

boundary="----=_Part_2068941_446705619.1460078388674"

------=_Part_2068941_446705619.1460078388674

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 7bit

Charset: UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<html>

<head>

<title>F:\tds\delivery\2016-04-08\27147517-print.html</title>

</head>

</td>

Is the problem that a new line was put before "--- Sandbox result ---"?

(Also, none of the Email files get listed in the Sandbox Activity section).

Is the problem that a new line was put before "--- Sandbox result ---"? (Also, none of the Email files get listed in the Sandbox Activity section).

Tamas Bajaki · Accepted Answer

Hi James, 
 According to RFC2822, section 3.5 the first line containing only CRLF marks the boundary between the header and the body section. 
 As such, this was clearly a bug on our side, that whole result section shouldn't have been included in the delivered mail in the first place. This behavior was obscured by the fact that since the 'Sandbox result' part is appended to the end of the header section which contains a 'Content-Type: multipart/...' header since the mail has at least one attachment that was sent for Sandstorm scanning: The 'Sandbox result' part is treated as the beginning of the body, however as it is placed before the first MIME boundary (the beginning of the original body), it isn't displayed. In your case however, as the topmost Content-Type is text/plain, the 'Sandbox result' improperly (or rather, properly :) ) acts as the beginning of the mail body. 
 You can expect a fix to this issue soon. 
 Kind regards, Niriel~