[Esd-l] No Doc mangling Sanitizer 1.133

Dan Kubilos dan at oxnardsd.org
Wed Jan 9 09:52:01 PST 2002


I installed Version 1.133

Made no other changes.

But.  .doc .xls  are no longer mangled!

Entries in the poisoned file ARE quarantined, but mangle list not in
poisoned seem to pass right through.

Any ideas 


On Sat, 5 Jan 2002, John D. Hardin wrote:

> 
> The procmail sanitizer has been updated. The current version is 1.133
> It is available via:
> 
> US:  http://www.impsec.org/email-tools/procmail-security.html
> NO:  http://jhardin.oftedal.no/email-tools/procmail-security.html
> AU:  http://grebopple.accessunited.com.au/email-tools/procmail-security.html
> AU:  http://impsec.fuzzitech.net/~jhardin/email-tools/procmail-security.html
> 
> From the changelog:
> 
> 01/05/2002 (1.133)
> Fixed bug in handling of some recursive multipart messages; this has
> serious security implications, you should upgrade right away.
> Fixed stripping of attachment-only MIME messages.
> Added stripping of UUE attachments.
> Added support for multiline status reports (for example, if multiple file
> attachments are processed).
> Made some cosmetic improvements in report messages.
> Recoded some procmail and perl statements for minor efficiency gains.
> Now truncate stripped and poisoned filespecs at space to allow for comments
> in the poisoned- and stripped-filenames lists - if you are poisoning or
> stripping filespecs containing spaces, MAKE SURE you use \s instead of a
> literal space!
> 
> 
> The sanitizer home page is at
> http://www.impsec.org/email-tools/procmail-security.html
> 
> 
> 
> ----------------------------------------------------------------------
> gpg: Warning: using insecure memory!
> gpg: Signature made Sat 05 Jan 2002 04:31:48 PM PST using DSA key ID B8732E79
> gpg: Can't check signature: public key not found
> ----------------------------------------------------------------------
> 

-- 
Dan Kubilos     __\o_ ^
K-8 Tech Coord
http://www.oxnardsd.org



More information about the esd-l mailing list