[Esa-l] ANN: Sanitizer update
Brett Glass
brett at lariat.org
Tue Sep 19 15:30:04 PDT 2000
John:
Should have mentioned this, but there is one more extension
to add to the mangle list: OCX. OCXes are essentially
DLLs. If an app that loads an OCX does it from the attachment
directory instead of C:\WINDOWS\SYSTEM, all, er, heck could
break lose.
--Brett
P.S. -- What are MDA and MDW?
At 03:19 PM 9/19/2000, John D. Hardin wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>The procmail sanitizer has been updated. The current version is 1.118
>It is available via:
>
>US: http://www.impsec.org/email-tools/procmail-security.html
>US: ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
>CAN: ftp://netserv.on.ca/pub/jhardin/antispam/procmail-security.html
>EU: ftp://kanon.net/pub/jhardin/antispam/procmail-security.html
>
>- From the News section of the home page:
>
>09/19/2000
>Added .DLL, .MDA and .MDW to the default mangle list - if you are maintaining
>custom mangle lists, you should update them. You probably also want to add
>*.DLL to your poisoned-attachments list.
>Modified the macro scanner slightly to reduce the chance of false positives on
>Excel spreadsheets.
>Added From:, Status:, X-Status: and X-Keywords: to the excessively-long headers
>check since UW IMAP is vulnerable to overflows in these.
>Increased the Excessively Long Header length to 512 characters to further
>reduce false positives.
>
>Also, the sanitizer, home page, gateway nano-HOWTO and a list of poisoned
>filespecs is now available as a tarball.
>
>The sanitizer home page is moving to
>http://www.impsec.org/email-tools/procmail-security.html
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 5.0
>Charset: noconv
>
>iQA/AwUBOcfKA9gi5ua4cy55EQKMjgCfViWYHINFJ5vJXQ46QsrbkYDxi98AoMUq
>44R+9o0Q8ArPast4rR1sjUQp
>=WKjy
>-----END PGP SIGNATURE-----
>
>--
> John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
> jhardin at wolfenet.com pgpk -a finger://gonzo.wolfenet.com/jhardin
> 768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
> 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
>-----------------------------------------------------------------------
> "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
> does quite what I want. I wish Christopher Robin was here."
> -- Peter da Silva in a.s.r
>-----------------------------------------------------------------------
> 40 days until Daylight Savings Time ends
>
>
>_______________________________________________
>E-mail Security Announce list mailing list
>E-mail Security Announce list at spconnect.com
>http://www.spconnect.com/mailman/listinfo/esa-l
More information about the esd-l
mailing list