[Esd-l] 2 questions about double extension check

Michael Meltzer michael.meltzer at aed-sicad.de
Tue Aug 17 07:33:17 PDT 2004 

"John D. Hardin" wrote:

> On Mon, 16 Aug 2004, Michael Meltzer wrote:
>
> > Is it possible (an if so how) to restrickt the double extension
> > check of the sanitizer to a certain minimum size of the message
> > including the attachment ?
>
> Hrm. Well, the double-extension check isn't hardcoded, it's in the
> poisoned extensions list, so you could try this:
>
> 1) Make two poison lists, one with the all extensions including the
> double-extension entries, the other omitting just the
> double-extension entries. Then,
>
> 2) In your /etc/procmailrc where you set your poison filename, try
> something like this:
>
>   POISONED_EXECUTABLES=/etc/procmail/list-without-doubles
>
>   :0
>   * > 200000
>   {
>      POISONED_EXECUTABLES=/etc/procmail/list-with-doubles
>   }
>
> (substitute whatever size you want in place of the "200000")

thank you very much. I changed my /etc/procmailrc as suggested.

>
>
> > Is it possible to check double extensions only against the
> > extensions in the MANGLE_EXTENSION variable or against an other
> > variable or file ?
>
> At the moment only $MANGLE_EXTENSION extensions are checked against
> the poisoned filenames list.

I think this applies to the last/real extension. What I ment is the last but one extension.
Sorry for my inaccurate question.

Michael

>
>
> --
>  John Hardin KA7OHZ    ICQ#15735746   http://www.impsec.org/~jhardin/
>  jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
>  key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   The [assault weapons] ban is the moral equivalent of banning red
>   cars because they look too fast.
>                                    -- Steve Chapman, Chicago Tribune
> -----------------------------------------------------------------------
>    28 days until the "Scary-Looking Guns" ban expires

--
+-- Michael Meltzer -------------+-----------------------------------------+
|   AED-SICAD Aktiengesellschaft |   EMail : Michael.Meltzer at aed-sicad.de  |
|   Lilienthal-Str. 7            |   Phone : +49-89-45026-108              |
|   85579 Neubiberg              |   Fax   : +49-89-45026-113              |
+--------------------------------+-----------------------------------------+

More information about the esd-l mailing list