[esa-l] Procmail Sanitizer updates
John Hardin
jhardin at impsec.org
Fri Jul 11 09:23:43 PDT 2014
Folks:
In the immortal words of the peasant in the plague-ridden medieval English
village: "I'm not dead yet!"
While development of the sanitizer has greatly slowed since 2006, I am
still using it in production and I am still modifying it from time to
time as the nature of email and exploits change.
The most recent modification is a change to the Office macro scanner code
to detect and score Office documents that attempt to download malware off
the Internet. This change detects an Office document attack I received a
few days ago that is getting essentially zero antivirus detection at this
point.
If you are still using the sanitizer, please consider visiting the website
and downloading the development snapshot. It is stable even though it has
not been officially released - it's been in continuous production use on
my mailserver for years.
http://impsec.org/email-tools/procmail-security.html
And I am still here, please don't hesitate to get in touch.
(Now to see how many unsubscribes this generates...)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that
item. -- John C. Randolph <jcr at idiom.com>
-----------------------------------------------------------------------
5 days until the 69th anniversary of the dawn of the Atomic Age
More information about the esa-l
mailing list