[Esa-l] Something to think about...

Bjarni Runar Einarsson bre at klaki.net
Wed Nov 22 09:08:31 PST 2000


On 2000-11-22, 10:38:14 (-0500) David Collantes wrote:
>
> is an email with "navidad.exe". That email got forwarded and an attachment
> (the whole email, not "navidad.exe" itself). The filter is not catching
> that and the users are open to the virus threat.
> 
> Any fix for that? Thanks and...

I don't know if this qualifies as a "fix", since John has not yet
officially joined me in developing the Anomy sanitizer (which is
based on John's procmail filter)... :-) But my sanitizer explicitly
enforces it's policies on forwarded messages and attachments which
appear to be email messages.  This *should* mean it can handle the
problem you describe.

If you have samples of the messages that made it through, I would
really apprecate a verbatim copy (headers and all) to test and
debug my program - and John could probably use a copy as well,
since it's really hard to fix issues like these unless you can
reproduce the problem.  But! please don't post live viruses to this
mailing list, use private mail. :)

If you're interested, then the Anomy sanitizer can be found:
http://mailtools.anomy.net/.

John: I wrote a manual and added a few short chapters about hacking
on Anomy a couple of weeks ago.  That should help you get started
if/when you decided to start playing with the code.

-- 
Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 bre at netverjar.is              -><-             http://bre.klaki.net/

Netverjar gegn ruslpósti: http://www.netverjar.is/baratta/ruslpostur/



More information about the esd-l mailing list