[Esd-l] Need to bypass Sanitizer

John D. Hardin jhardin at impsec.org
Sun Apr 21 21:04:01 PDT 2002


On Mon, 22 Apr 2002, Chris wrote:

> Just a note. People put dates in filenames (eg 17.04.02.doc) .....
> this caught me out. Trying to train users is impossible so I only
> poison specific double extensions I know are bad (*.*.exe etc).

The double-extension filespecs in the current recommended poison list
explicitly exclude .DOC and .XLS files for precisely this reason. If
you're not automatically pulling the recommended list, you might want
to take a look at it and use just those.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 "They [media giants] have no idea how to do business with resourceful
  human beings rather than passive vegetables. So they run to [the]
  government for protection."
                    -- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
   926 days until the Presidential Election



More information about the esd-l mailing list