[Esa-l] ANN: testers wanted for double-extension improvement

John D. Hardin jhardin at impsec.org
Wed Nov 21 13:48:41 PST 2001


All:

I have added an enhancement to the development release that will
hopefully allow a more elegant solution to the problem of poisoning
double-extension documents incorrectly.

The new changes in 1.131pre5 support Perl's extended regular
expression construct (?...)

If you install 1.131pre5 and modify your double-extension entries in
your poisoned files list from this:

  *.[a-z][a-z][a-z0-9].[a-z0-9][a-z0-9][a-z0-9]
  *.[a-z][a-z][a-z0-9].[a-z0-9][a-z0-9]
  *.[a-z][a-z].[a-z0-9][a-z0-9][a-z0-9]
  *.[a-z][a-z].[a-z0-9][a-z0-9]

to this:

  *.[a-z][a-z][a-z0-9].(?!(doc$|xls$))
  *.[a-z][a-z][a-z0-9].[a-z0-9][a-z0-9]
  *.[a-z][a-z].(?!(doc$|xls$))
  *.[a-z][a-z].[a-z0-9][a-z0-9]

then double-extension word documents and excel spreadsheets (e.g.
something like "sales.jan.xls") should *not* be poisoned, but all
other double-extension files matching $MANGLE_EXTENSIONS should still
be poisoned.

Note that the (?...) construct may be useful for more than this
example. See the perl man page for details.

I'm testing this on my mail. Anybody else feel adventurous?

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
   1077 days until the Presidential Election



More information about the esa-l mailing list