[Esa-l] How not to DEFANG 'clean' attachments?

Juan Manuel Calvo jmc at cema.edu.ar
Fri Feb 16 13:08:35 PST 2001


John:

I don't understand, in msg 
"http://www.spconnect.com/pipermail/esa-l/msg00313.html"
I see:

> Is it possible to mangle Word/Excel/PPoint filenames only 
> when hazardous macro code is detected?

No, because scanning the document for macros occurs after the MIME
header has been completely processed.


Reading the code, I see (pseudocode):

run-macro-scanner;
 
if ($score  > $poison_score) {
   print warning;
}

Only a warning is given; the filename is not poisoned.

"John D. Hardin" wrote:
> 
> On Fri, 16 Feb 2001, Michael Kelly wrote:
> 
> > Is it possible to configure the sanitizer to not DEFANG the
> > attachment filename when the score is 0?
> 
> You're speaking of Office documents?
> 
> The scanning and poisoning of scanned documents is independent of
> whether the document attachment appears in the MANGLE list. If you
> omit the extension (e.g. "doc") from the MANGLE list, it will still be
> scanned and will be poisoned if the scanner score exceeds the limit     
> you've set. Read the configuration page where it talks about not
> mangling office documents for locally-originating mail.
> 
> --
>  John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
>  jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   Failure to plan ahead on someone else's part does not constitute an
>   emergency on my part.
>                                   - David W. Barts in a.s.r
>                                     <davidb at ce.washington.edu>
> -----------------------------------------------------------------------
>    106 days until Mir deorbits
> 
> _______________________________________________
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esa-l

-- 
Ing. Juan Manuel Calvo                       |TE: +54-11-4314-2269
Director del Centro de Computos              |FAX:+54-11-4314-1654
Universidad Del CEMA                         | 
Cordoba 374 (1054) Capital Federal, Argentina| http://www.cema.edu.ar
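
An added illustration (not part of the original message and not the sanitizer's own code) of the ordering discussed in this thread: a single-pass filter has already emitted the part header before the macro score is known, so only a warning can follow, as in the pseudocode above. The extension list, hint strings, weights, threshold and DEFANGED name format are assumptions, and the sample MIME part is constructed.

```python
import re

# Assumed values for illustration; not the sanitizer's real lists or weights.
MANGLE_EXTS = {"vbs", "exe"}                 # "doc" deliberately left out
MACRO_HINTS = {"AutoOpen": 5, "Shell(": 10}  # hypothetical scanner hints
POISON_SCORE = 10

FILENAME_RE = re.compile(r'(filename=")([^"]+)\.(\w+)(")', re.I)

def _mangle(m):
    """Rename the attachment only if its extension is on the mangle list."""
    pre, name, ext, post = m.groups()
    if ext.lower() in MANGLE_EXTS:
        return f"{pre}{name}.DEFANGED-{ext}{post}"  # assumed name format
    return m.group(0)

def filter_part(lines, out):
    """Stream one MIME part to `out` in a single pass; return the macro score."""
    in_header, score = True, 0
    for line in lines:
        if in_header:
            if line == "":
                in_header = False            # blank line ends the part header
            else:
                # Only the extension is known here; no score exists yet.
                line = FILENAME_RE.sub(_mangle, line)
            out.append(line)                 # header leaves the filter now
            continue
        for hint, weight in MACRO_HINTS.items():
            if hint in line:
                score += weight
        out.append(line)
    if score > POISON_SCORE:
        # The filename line was emitted earlier and cannot be revised.
        out.append(f"WARNING: macro score {score} exceeds {POISON_SCORE}")
    return score

# Constructed sample part (plain-text body for readability).
SAMPLE = [
    "Content-Type: application/msword",
    'Content-Disposition: attachment; filename="report.doc"',
    "",
    "Sub AutoOpen()",
    'Shell("notepad")',
]

def run_sample():
    out = []
    return out, filter_part(SAMPLE, out)
```

Changing the filename based on the score would require buffering the whole part, or scanning it in an earlier pass, before any header line is written.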


