[Esd-l] Re: procmail sanitizer and 8-bit attachments.
John D. Hardin
jhardin at impsec.org
Fri Jun 20 20:49:42 PDT 2003
On Thu, 19 Jun 2003, Tomas Kuliavas wrote:
> > On Wed, 18 Jun 2003, Tomas Kuliavas wrote:
> >
> >> Content-Type: application/octet-stream;
> >> name="=?iso-8859-4?B?seoudHh0LnNjcg==?="
> >> Content-Disposition: attachment;
> >> filename="=?iso-8859-4?B?seoudHh0LnNjcg==?="
> >> Content-Transfer-Encoding: 7bit
> >
> > Encoded filenames are a known weakness in the current version. I don't
> > know if I will be able to add encoded filename handling soon.
>
> How about option to block or strip anything that looks like encoded
> attachment? It may have high false positives rate, but sometimes it is
> better to have 10 false positives instead of one virus.

Add a local-rule:

   # B: scan the body for a MIME part header carrying a base64 encoded-word name
   :0 B hfi
   * ^Content-(Type|Disposition):.*name="=\?iso-8859-[0-9]+\?B\?
   | formail -A "X-Content-Security: [${HOST}] NOTIFY" \
             -A "X-Content-Security: [${HOST}] QUARANTINE" \
             -A "X-Content-Security: [${HOST}] REPORT: Trapped encoded filename"

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The fetters imposed on liberty at home have ever been forged out
of the weapons provided for defense against real, pretended, or
imaginary dangers from abroad.
-- James Madison, 1799
-----------------------------------------------------------------------
501 days until the Presidential Election
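
Added example, not part of the original post or of the sanitizer's own code: a Python sketch of the encoded-filename handling discussed in this thread. It decodes the RFC 2047 name before checking the extension, and handles the folded header lines shown in the quoted sample. The extension list, the function names and the sample message are assumptions constructed for the example.

```python
import email
import email.utils
from email.header import decode_header, make_header

# Assumed policy list for the example, not the sanitizer's own extension list.
BLOCKED_EXT = {".scr", ".exe", ".pif", ".bat", ".com", ".vbs"}

# Constructed sample message using the folded, encoded headers quoted in the thread.
SAMPLE = (
    "From: sender@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "hello\n"
    "--b1\n"
    "Content-Type: application/octet-stream;\n"
    ' name="=?iso-8859-4?B?seoudHh0LnNjcg==?="\n'
    "Content-Disposition: attachment;\n"
    ' filename="=?iso-8859-4?B?seoudHh0LnNjcg==?="\n'
    "Content-Transfer-Encoding: 7bit\n"
    "\n"
    "MZ\n"
    "--b1--\n"
)

def decoded_names(part):
    """Return the decoded name= and filename= values of one MIME part."""
    raw = [part.get_param("name"), part.get_param("filename", header="content-disposition")]
    names = []
    for value in raw:
        if isinstance(value, tuple):  # RFC 2231 form: (charset, language, text)
            value = email.utils.collapse_rfc2231_value(value)
        if value:
            names.append(str(make_header(decode_header(value))))
    return names

def trapped_attachments(raw_message):
    """List (decoded name, extension) for parts whose final extension is blocked."""
    hits = []
    for part in email.message_from_string(raw_message).walk():
        for name in decoded_names(part):
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in BLOCKED_EXT and (name, ext) not in hits:
                hits.append((name, ext))
    return hits
```
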