[Esd-l] Yves Agostini's script

Smart,Dan SmartD at VMCMAIL.com
Wed Feb 25 06:53:29 PST 2004


John,
What I meant to say was that setting the "MANGLE_EXTENSIONS" variable to
'zip', which is what the example Procmail code in testzip.pl does, is not
enough to actually strip or poison the zip attachment as I understand the
Sanitizer. The extension also needs to be in "poisoned" or "stripped" for
something to actually happen. Right?

I'm trying to understand why this was done in the sample Procmail code in
testzip.pl.

Seems like this should do the following:
1. See if zip contains dangerous executable
	a. If yes, mark message as "discard"
	b. If no, send it on unaltered
I don't understand what the "mangle" state is for?

<<Dan>>

| -----Original Message-----
| From: John D. Hardin [mailto:jhardin at impsec.org] 
| Sent: Tuesday, February 24, 2004 10:03 PM
| To: Smart,Dan
| Cc: esd-l at spconnect.com; agostini at univ-metz.fr
| Subject: Re: [Esd-l] Yves Agostini's script
| 
| On Tue, 24 Feb 2004, Smart,Dan wrote:
| 
| > If zip is in either poisoned or stripped, this script isn't
| > necessary, as all zips will be blocked.
| 
| ...I think you're thinking about the behavior of 1.141, which 
| hasn't been released yet. The zip-scanning script is useful now.
| 
| --
|  John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
|  jhardin at impsec.org                        pgpk -a jhardin at impsec.org
|  key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
| -----------------------------------------------------------------------
|   "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
|   does quite what I want. I wish Christopher Robin was here."
| 				-- Peter da Silva in a.s.r
| -----------------------------------------------------------------------
|    39 days until the Slovakian Presidential Election
| 
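
The decision in steps 1a/1b of the message above (discard if the zip holds an executable, otherwise pass it on), as an added example that is not part of the original thread and is not the code of testzip.pl or the Sanitizer. The extension list, the limits, the fail-closed choice and all function names are assumptions made for this sketch.

```python
import io
import zipfile

# Assumed policy values for this example, not taken from the Sanitizer or testzip.pl.
DANGEROUS_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "cpl", "lnk"}
MAX_DEPTH = 2                    # zip-inside-zip levels to follow
MAX_NESTED_BYTES = 5 * 1024**2   # refuse to unpack nested archives larger than this


def dangerous_members(data, depth=0):
    """Return the names of members that make this zip unsafe to pass on."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Windows ignores trailing dots/spaces, so "a.exe." still runs as a.exe.
            clean = info.filename.rstrip(". ").lower()
            ext = clean.rsplit(".", 1)[-1] if "." in clean else ""
            if ext in DANGEROUS_EXTS:
                hits.append(info.filename)  # names are listed even if member data is encrypted
            elif ext == "zip":
                encrypted = bool(info.flag_bits & 0x1)
                if depth >= MAX_DEPTH or encrypted or info.file_size > MAX_NESTED_BYTES:
                    hits.append(info.filename + " (nested zip not scannable)")
                else:
                    hits += dangerous_members(zf.read(info), depth + 1)
    return hits


def verdict(data):
    """Step 1a/1b from the message: 'discard' on an executable, else 'pass'."""
    try:
        return "discard" if dangerous_members(data) else "pass"
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return "discard"  # assumption: fail closed on archives that cannot be parsed


def build_zip(members):
    """Build an in-memory zip from {name: bytes}; constructed sample input only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    inner = build_zip({"photo.jpg.pif": b"MZ"})
    for label, blob in [("clean", build_zip({"notes.txt": b"hi"})),
                        ("nested", build_zip({"docs.zip": inner}))]:
        print(label, verdict(blob), dangerous_members(blob))
```

The check reads only member names from the archive directory, so it catches double extensions and executables inside a nested zip without unpacking anything to disk.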

