[Esd-l] ANN: devel release - win exe magic poisoning
John D. Hardin
jhardin at impsec.org
Sun Sep 15 16:08:01 PDT 2002
All:
Development release 1.136pre4 includes a new feature: checking for
base64-encoded Windows executable magic strings.
If you define SECURITY_POISON_WINEXE, then these checks take place
after the regular sanitizer runs, and should catch Windows executables
that have bogus innocuous filename and MIME types (e.g. audio/whatever
and "fnord.jpg") and are thus not caught by filename checks.
I'm testing it here, I'd also like some feedback from brave souls -
especially if it lets anything through that it shouldn't.
http://www.impsec.org/email-tools/development/html-trap.procmail
Any volunteers?
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
94 days until The Two Towers
More information about the esd-l
mailing list