[Esd-l] Can't get Procmail-security to work...

Karl.Dunn at vmic.com Karl.Dunn at vmic.com
Mon Oct 29 21:02:04 PST 2001


An obvious comment: this scheme stops selected bad stuff, rather than
passing only selected good stuff.  I think you have made that observation
yourself, but it's worth beating the drum some more.

Karl Dunn     (KLD13)
VMIC
12090 South Memorial Parkway
Huntsville AL USA 35803
VOICE: (256) 382-8211 or (800) 322-3616
FAX:   (256) 650-5472 or (256) 882-0859

On Sat, 27 Oct 2001, John D. Hardin wrote:

> On Thu, 25 Oct 2001, Brett Glass wrote:
>
> > Here's a "poisoned" file that we have used with John's sanitizer.
> > Note that it does produce the occasional "false positive," most
> > often when users naively use an attachment file name such as
> > "Plan.rev.doc". But the security is well worth it.
> >
> > --Brett
> >
> > *.[a-z][a-z][a-z0-9].[a-z0-9]+
>
> I've been bothered by the same thing for a while.
>
> I'm considering changing the default poisoned list to something like:
>
>   *.[a-z][a-z][a-z0-9].(com|exe|bat|pif|dll|etc...)
>
> so that multiple-extension documents don't automatically get poisoned.
>
> Any comments?
>
> --
>  John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
>  jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
>   does quite what I want. I wish Christopher Robin was here."
> 				-- Peter da Silva in a.s.r
> -----------------------------------------------------------------------
>    Tomorrow: Daylight Savings Time ends
> _______________________________________________
> Esd-l mailing list
> Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l
>



More information about the esd-l mailing list