[Esa-l] ANN: Sanitizer update

John D. Hardin jhardin at wolfenet.com
Sun Dec 3 17:09:59 PST 2000 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The procmail sanitizer has been updated. The current version is 1.124
It is available via:

US:  http://www.impsec.org/email-tools/procmail-security.html
US:  ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
CAN: ftp://netserv.on.ca/pub/jhardin/antispam/procmail-security.html
EU:  ftp://kanon.net/pub/jhardin/antispam/procmail-security.html

- From the News section of the home page:

12/01/2000
Improved handling of &# and % escapes; they could have been "fixed" within
the body of base64 attachments, thus corrupting the attachment.
Added ".asx", ".wms", ".wmz" and ".wmd" to the default mangle list; the
mangling and poisoning model is going to change very soon.
Added stripping of MS-TNEF attachments created by Microsoft Outlook
Rich-Text format; to strip MS-TNEF attachments, define
SECURITY_STRIP_MSTNEF to be any value. See
http://support.microsoft.com/support/kb/articles/Q241/5/38.ASP and
http://www.microsoft.com/TechNet/exchange/2505ch10.asp for more
information.
Rewrote the document macro scanner to be more efficient; now it only makes
one pass through the attachment, where before it was making two passes.
Changed filename length limit to 128 characters from 64; 64 characters is
not enough for proper handling of long filenames with encoded international
characters.

Remodeled the website - there's too much there to fit on one intelligible
page.

The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html


-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQA/AwUBOirgqNgi5ua4cy55EQJHoACg2OPzaJ/RFR8qeRKcvc/lVkfy168AoOt/
PINWMoeigMRvLk7tJhqQTY6F
=SVLT
-----END PGP SIGNATURE-----

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   Today: Dune on SciFi

More information about the esd-l mailing list