[Esd-l] Fw: .com file which passed thru the sanityzer
Joe Steele
joe at madewell.com
Mon Nov 24 12:36:10 PST 2003
On Monday, November 24, 2003 10:38 AM, Juan Maria Gil wrote:
> Today we have received some emails from a security test sent to us by SecurityMetrics,
> every one of the executables was sanitized but one.
> These are the significant parts of this message:
[snip]
> Content-Disposition: attachment; filename="eicar.=?ISO-8859-1?Q?c?= =?ISO-8859-1?Q?o?=
> =?ISO-8859-1?Q?m?="

The attachment used an encoded filename. To quote John Hardin:

"Encoded filenames are a known weakness in the current version. I
don't know if I will be able to add encoded filename handling soon."

There was a thread on this issue about 5 months ago which discussed
solutions using local rulesets. However, the solutions are rather
simplistic and may not be acceptable for persons who frequently need to
use filenames containing non US-ASCII characters. The thread subject
was "procmail sanitizer and 8-bit attachments":

http://www.spconnect.com/pipermail/esd-l/2003q2/thread.html#4203

--Joe
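
The filename in the quoted header shows why an extension test on the raw parameter text does not see ".com". As an added example (not part of the original post and not the sanitizer's code), this Python code decodes RFC 2047 encoded-words in a filename before testing the extension; the blocked-extension list and all function names are assumptions made for illustration.

```python
import base64
import binascii
import re

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([QqBb])\?([^?\s]*)\?=")
# Whitespace between adjacent encoded-words is dropped (RFC 2047, section 6.2).
BETWEEN_WORDS = re.compile(r"(\?=)[ \t\r\n]+(?==\?)")
# Assumed local policy list, not the sanitizer's own configuration.
BLOCKED_EXTENSIONS = {"com", "exe", "pif", "scr", "bat", "vbs"}


def _decode_word(match):
    charset, encoding, text = match.groups()
    try:
        if encoding.lower() == "q":
            # Q encoding: "_" means space, "=XX" is one hex-encoded byte.
            raw = re.sub(rb"=([0-9A-Fa-f]{2})",
                         lambda m: bytes([int(m.group(1), 16)]),
                         text.replace("_", " ").encode("ascii"))
        else:
            raw = base64.b64decode(text, validate=True)
        return raw.decode(charset)
    except (binascii.Error, LookupError, UnicodeError):
        return match.group(0)  # undecodable: keep the literal text


def decode_filename(value):
    """Return the name as a client that decodes encoded-words would show it."""
    unfolded = re.sub(r"\r?\n(?=[ \t])", "", value)  # undo header folding
    return ENCODED_WORD.sub(_decode_word, BETWEEN_WORDS.sub(r"\1", unfolded))


def extension(name):
    """Lower-cased text after the last dot, or "" when there is no dot."""
    stem, dot, ext = name.strip().strip('"').rstrip(". ").rpartition(".")
    return ext.lower() if dot else ""


def is_blocked(value):
    """Test the extension of both the raw and the decoded filename."""
    return bool({extension(value), extension(decode_filename(value))}
                & BLOCKED_EXTENSIONS)


# Filename parameter from the quoted header; the fold (CRLF + space) is assumed.
SAMPLE = 'eicar.=?ISO-8859-1?Q?c?= =?ISO-8859-1?Q?o?=\r\n =?ISO-8859-1?Q?m?='

if __name__ == "__main__":
    print(extension(SAMPLE), "->", decode_filename(SAMPLE), is_blocked(SAMPLE))
```

Checking both the raw and the decoded form keeps plain ASCII names working unchanged while closing the gap for encoded ones; names that fail to decode are left literal rather than dropped.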