[Esd-l] Re: Yves Agostini's script
Agostini yves
agostini at univ-metz.fr
Thu Feb 26 01:13:15 PST 2004
On Tue 24/02/2004 at 22:23, Smart,Dan wrote:
> I have a question about Yves's script...
>
> The MANGLE return is set if the zip file only contains poisoned executables,
> however this is only setting MANGLE_EXTENSIONS='zip'. This isn't enough to
> actually block zip files, as the extension must be in either the "poisoned"
> or "stripped" too, right?
>
> If zip is in either poisoned or stripped, this script isn't necessary, as
> all zips will be blocked.
>
> Why not set this to discard too?
>
Sorry, I was really busy, and I don't read all the mail from the list ...

I will try to reply to Dan:

procmailrc is read by procmail for each mail to be delivered, and the same
thing goes for testzip.pl.

Well, setting MANGLE_EXTENSIONS='zip' alone is an easy way (a tip?)
to mangle (rename the attachment) only the current mail.
MANGLE_EXTENSIONS="$MANGLE_EXTENSIONS|zip" should be better, but I haven't
tested it.

In testzip.pl, if files look like .exe, .pif, .com ... (see the first 21
lines of poisoned-files), the zip is "mangled";
otherwise, for files like "hardcore.exe", "wtc.exe", double extensions ... the other
more explicit lines from poisoned-files, the current mail is rejected.

But there are some good ideas for the future release:
- specific ZIPPED_FILES
- only use CPAN

John, I saw Archive::Zip in CPAN, which is packaged on Debian.
I will try to test it today, to see if it can read only the file names of the zip.

Yves
--
-----------------------------------------------------------------
AGOSTINI Yves CRIUM - Université de Metz
agostini at univ-metz.fr http://www.crium.univ-metz.fr
tel: 03 87 31 52 63 fax: 03 87 31 53 33
Bureau: http://www.mim.univ-metz.fr/contact/anim1.html
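
The two-tier check described in the message above (mangle on a generic executable extension, reject on an explicitly listed name or a double extension), sketched with Archive::Zip as an added example; it is not testzip.pl or any code from the list. The patterns, the verdict labels and the choice to mangle unreadable archives are assumptions, and the sample archives are constructed.

```perl
#!/usr/bin/perl
# Added example, not testzip.pl: verdict from zip member names only.
use strict;
use warnings;
use Archive::Zip qw(:ERROR_CODES);
use File::Temp qw(tempfile);

# Assumed stand-ins for poisoned-files entries, built from names in the message.
my $GENERIC  = qr/\.(?:exe|pif|com)$/i;                 # plain executable extension
my $EXPLICIT = qr/^(?:hardcore|wtc)\.exe$/i;            # explicitly listed names
my $DOUBLE   = qr/\.[a-z0-9]{2,4}\.(?:exe|pif|com)$/i;  # double extension

# Returns 'reject', 'mangle' or 'pass' (hypothetical labels).
sub classify_names {
    my @names   = @_;
    my $verdict = 'pass';
    for my $path (@names) {
        (my $base = $path) =~ s{.*/}{};    # drop directories inside the archive
        # An explicit match outranks any generic match seen earlier.
        return 'reject' if $base =~ $EXPLICIT || $base =~ $DOUBLE;
        $verdict = 'mangle' if $base =~ $GENERIC;
    }
    return $verdict;
}

sub classify_zip {
    my ($file) = @_;
    my $zip = Archive::Zip->new();
    # Assumption: an archive that cannot be parsed is mangled, not passed.
    return 'mangle' unless $zip->read($file) == AZ_OK;
    # memberNames() lists the stored names; no member is extracted.
    return classify_names($zip->memberNames());
}

# Constructed sample archives, one per case.
for my $case (['setup.exe'], ['notes.txt', 'wtc.exe'],
              ['invoice.doc.pif'], ['readme.txt']) {
    my ($fh, $tmp) = tempfile(SUFFIX => '.zip', UNLINK => 1);
    close $fh;
    my $out = Archive::Zip->new();
    $out->addString('constructed sample', $_) for @$case;
    $out->writeToFileNamed($tmp) == AZ_OK or die "cannot write $tmp";
    printf "%-24s %s\n", join(',', @$case), classify_zip($tmp);
}
```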