[Esa-l] Re: Felix Navidad ... Stripping Attachments
Murray Crane
mecha.ike at hydramedia.com
Mon Dec 4 02:44:57 PST 2000
At 18:11 3/12/00 -0800, you wrote:
>Done. What do you all think of the new web site?
Nice, but in your list of sources for the sanitizer only impsec.org
actually had V1.124 (or was the first, running L to R), but you know that,
surely.
>There are four possible things to do to an attached file:
> Allow it to pass unchanged;
> Mangle the filename;
> Strip it off the message;
> Poison the message.
>
>(Am I missing anything here?)
Hmm. As long as stripping can be to a particular quarantine directory ON
A PER FILENAME BASIS, then no, least ways, not as far as I am
concerned. I'll be able to do everything I want under this schema:
Strip (to /wherever/quarantine) double extension files
Strip (to /dev/null) everything else on my current POISONED_EXTENSIONS list
Mangle the remainder of the MANGLE_EXTENSIONS list
Allow everything else
BTW, As best as I can tell, poisoning is redundant in this (slightly
modified) schema, just strip to /dev/null with a particularly evil
placeholder inserted. That way, the perhaps useful body of the message
will get through.
Hope that helps.
Murray Crane
More information about the esd-l
mailing list