
CERT Coordination Center

Multiple vendors' email content/virus scanners do not adequately check "message/partial" MIME entities

Vulnerability Note VU#836088

Original Release Date: 2002-09-13 | Last Revised: 2002-09-18

Overview

Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities (RFC 2046). As a result, viruses, malicious code, or other restricted content may not be detected.

Description

Section 5.2.2 of RFC 2046 defines the "message/partial" Multipurpose Internet Mail Extensions (MIME) type:

5.2.2.  Partial Subtype

   The "partial" subtype is defined to allow large entities to be
   delivered as several separate pieces of mail and automatically
   reassembled by a receiving user agent.  (The concept is similar to IP
   fragmentation and reassembly in the basic Internet Protocols.)  This
   mechanism can be used when intermediate transport agents limit the
   size of individual messages that can be sent.  The media type
   "message/partial" thus indicates that the body contains a fragment of
   a larger entity.

Email anti-virus scanners and content filters typically search messages for signatures or patterns that are associated with known viruses, malicious code, or restricted content. Some anti-virus scanners and content filters do not detect patterns that are fragmented across different "message/partial" MIME parts in multiple email messages. For example, an anti-virus scanner that would normally detect a well-known virus in an email message might fail to do so if the virus was sent as a "message/partial" MIME entity split across multiple email messages.

Note that some products may corrupt messages containing "message/partial" MIME parts such that they cannot be automatically reassembled by mail user agents (MUAs). This behavior provides some protection at the cost of breaking the intended functionality of the "message/partial" MIME type.
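The following added example (not part of the original note or of any vendor's product) shows the gap described above from the gateway's side: a per-message pattern check misses a constructed marker split across two fragments, while holding the fragments and scanning the joined entity finds it. The `Reassembler` class, its verdict names, the marker string, and the sample messages are all assumptions made for illustration.

```python
from collections import defaultdict
from email.parser import HeaderParser

SIGNATURE = "BLOCKED-TEST-MARKER"  # constructed stand-in for a scanner pattern

# Constructed sample: one entity split across two messages, delivered out of
# order. Per RFC 2046 section 5.2.2, "id" and "number" are on every fragment;
# "total" is only required on the last one.
SAMPLE = [
    'Content-Type: message/partial; id="frag-1@example.org"; number=2; total=2\n'
    "\nST-MARKER trailing text\n",
    'Content-Type: message/partial; id="frag-1@example.org"; number=1\n'
    "\nContent-Type: text/plain\n\nleading text BLOCKED-TE",
]

def scan(text):
    """Toy content check: True if the signature occurs in the text."""
    return SIGNATURE in text

class Reassembler:
    """Hypothetical gateway helper: hold fragments, scan the joined entity."""

    def __init__(self):
        self.parts = defaultdict(dict)  # id -> {number: fragment body}
        self.totals = {}                # id -> declared total

    def feed(self, raw):
        """Return 'clean', 'held' or 'blocked' for one incoming message."""
        msg = HeaderParser().parsestr(raw)  # headers only; body stays raw text
        if msg.get_content_type() != "message/partial":
            return "blocked" if scan(raw) else "clean"
        frag_id, total = msg.get_param("id"), msg.get_param("total")
        try:
            number = int(msg.get_param("number"))
            if total is not None:
                self.totals[frag_id] = int(total)
        except (TypeError, ValueError):
            return "blocked"  # malformed parameters: fail closed
        if not frag_id or number < 1 or self.totals.get(frag_id, 1) < 1:
            return "blocked"
        got, total = self.parts[frag_id], self.totals.get(frag_id)
        got[number] = msg.get_payload()
        if total is None or any(n not in got for n in range(1, total + 1)):
            return "held"  # entity incomplete: nothing to scan yet
        entity = "".join(got[n] for n in range(1, total + 1))
        return "blocked" if scan(entity) else "clean"

def demo():
    gateway = Reassembler()
    return [scan(m) for m in SAMPLE], [gateway.feed(m) for m in SAMPLE]
```

A production gateway would also need to expire held fragments and cap their number and size, which this example leaves out.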

Beyond-Security SecuriTeam has released an advisory that describes this vulnerability in further detail.

Impact

Email anti-virus and content filters may not detect viruses, malicious code, or other restricted content that is sent as "message/partial" MIME parts in multiple email messages. Such messages may be automatically reassembled by MUAs, thus delivering the virus, malicious code, or restricted content to users.

Solution


Apply Patch

Apply a patch or upgrade from your vendor. For information about a specific vendor, check the Systems Affected section of this document or contact your vendor directly.


Block "message/partial" MIME Types

If possible, configure your mail server, firewall, or other gateway technology to block messages containing "message/partial" MIME parts. Note that this will disable the intended functionality of this MIME type, and users will be unable to send or receive messages containing "message/partial" parts.

Disable Message Reassembly

If possible, configure your MUA to not reassemble fragmented messages automatically. This will prevent your MUA from reassembling any "message/partial" MIME entities, whether or not they are malicious.

Use Desktop Anti-Virus Software

Deploy and maintain updated desktop anti-virus software.

Acknowledgements

The CERT/CC thanks Noam Rathaus of Beyond-Security SecuriTeam for reporting this vulnerability, and Menashe Eliezer of Finjan Software for information used in this document.

This document was written by Art Manion.

Other Information

CVE IDs: CVE-2002-1121
Severity Metric: 1.80
Date Public: 2002-09-12
Date First Published: 2002-09-13
Date Last Updated: 2002-09-18 22:14 UTC
Document Revision: 32

Sponsored by CISA.