What is the easiest way (in terms of computing resources) to tell if an s/mime email message is signed with attached signature when this message is encrypted?
If a message is just signed, it's easy. It has somewhat like:
for attached signature
Content-Type: application/x-pkcs7-mime; smime-type=signed-data;
name="smime.p7m"
Or:
for detached signature
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=SHA1; boundary="----=_NextPart_000_00D2_01CD5850.61030BF0"
in its headers.
But when a message is encrypted, you can't tell if it's also signed because the Content-Type header is the same for both cases (just encrypted and encrypted/signed):
Content-Type: application/x-pkcs7-mime;
smime-type=enveloped-data;
boundary="----=_NextPart_000_000D_01CDC82B.98454D80";
name="smime.p7m"
Does it mean that I have to decrypt the message just to tell if it's also signed? For now, it seems I cannot even tell if my message is signed before I decrypt it (because the signature is within the encrypted data). Or, maybe, S/MIME encrypted and signed data still has some pattern which could let me distinguish between encrypted/signed and encrypted/unsigned data without decryption (which may even be possible if I don't have the certificate for decryption)?
S/MIME is flexible; you can sign and/or encrypt in any combination you want. Email clients, however, typically all behave the same way: Outlook 2010, Apple's Mail, and Thunderbird 17 all sign and then encrypt. The results for these 3 are nearly identical. They include these 3 headers in the message headers:
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64
They encrypt and base64-encode the entire body of the message.
To answer your questions:
What is the easiest way (in terms of computing resources) to tell if an s/mime email message is signed with attached signature when this message is encrypted?
The only way is to decrypt it.
Does it mean that I have to decrypt the message just to tell if it's also signed?
Yes.