[Esa-l] ANN: Procmail Sanitizer 1.134 released

John D. Hardin jhardin at impsec.org
Sun Apr 21 16:57:40 PDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The procmail sanitizer has been updated. The current version is 1.134
It is available via:

US/WA:  http://www.impsec.org/email-tools/procmail-security.html
US/FL:  http://stonewall.lbhs.net/~jhardin/email-tools/procmail-security.html
EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-security.html
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-security.html
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-security.html
AU:     http://impsec.fuzzitech.net/email-tools/procmail-security.html

Direct links to the current tarball:

US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/FL:  http://stonewall.lbhs.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-sanitizer.tar.gz
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
AU:     http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz

- From the changelog:

Customize the MTA command line, to allow for newer sendmail command
 line options and non-sendmail MTAs: $MTA_FLAGS_CMDLN and
 $MTA_FLAGS_HDRS.
Mangle MIME types in deferred headers if appropriate.
Improve encoded-filename handling.
Set Errors-To: header.
Put the version number in the $NOTIFY message.
Fix no-LOGFILE-breaks-UUE-sanitization bug.
Defang quotes-in-extension Outlook attack.
Add WMA and WMV to mangled executable extensions, per bugtraq.
Fix trailing periods in addition to trailing whitespace - Windows drops
 trailing periods from filenames without warning.
Work around memory allocation error in procmail v3.22.
Add the OnContextMenu and OnDragStart events to HTML
 defanger.
Improved recipient address parsing for logs and bounce messages.
Minor procmail efficiency enhancements.

The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html

The archive of the sanitizer discussion list is at
http://www.spconnect.com/mailman/listinfo/esd-l



-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQA/AwUBPMNBXtgi5ua4cy55EQKhywCeOf23VYKrdcJw0rOlz68FJqpRt1cAoOqR
cNtpFLkOi3f2xlITlqmaV/+p
=dHQK
-----END PGP SIGNATURE-----

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 "They [media giants] have no idea how to do business with resourceful
  human beings rather than passive vegetables. So they run to [the]
  government for protection."
                    -- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
   926 days until the Presidential Election



More information about the esa-l mailing list