[Esa-l]Re: URGENT - sample mail with vbs which passes your
sanitizer
John D. Hardin
jhardin at impsec.org
Fri May 11 06:55:05 PDT 2001
On Fri, 11 May 2001, Chris Smith wrote:
> if ($ENV{"SECURITY_STRIP_MSTNEF"} && $hdrtxt =~
> /^Content-Type:\s+application\/MS-TNEF/i) { #\
>
> Will this part do it? (This is in 1.128)... It seems to strip the
> TNEF attachment out (lines 719-728) & makes a security notice
> report.
That's exactly what it does.
I plan to put more proper handling of TNEF attachments into 2.0, but
for now all you can do is pass 'em or zap 'em.
--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin at wolfenet.com pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
An entitlement beneficiary is a person or special interest group
who didn't earn your money, but demands the right to take your
money because they *want* it.
-- John McKay, _The Welfare State:
No Mercy for the Middle Class_
-----------------------------------------------------------------------
1271 days until the Presidential Election
More information about the esd-l
mailing list