[Esa-l] Re: Felix Navidad ... Stripping Attachments

Murray Crane mecha.ike at hydramedia.com
Mon Dec 4 02:44:57 PST 2000


At 18:11 3/12/00 -0800, you wrote:
>Done. What do you all think of the new web site?

Nice, but in your list of sources for the sanitizer only impsec.org 
actually had V1.124 (or was the first, running L to R), but you know that, 
surely.

>There are four possible things to do to an attached file:
>   Allow it to pass unchanged;
>   Mangle the filename;
>   Strip it off the message;
>   Poison the message.
>
>(Am I missing anything here?)

Hmm. As long as stripping can be to a particular quarantine directory ON 
A PER FILENAME BASIS, then no, leastways, not as far as I am 
concerned. I'll be able to do everything I want under this schema:

   Strip (to /wherever/quarantine) double extension files
   Strip (to /dev/null) everything else on my current POISONED_EXTENSIONS list
   Mangle the remainder of the MANGLE_EXTENSIONS list
   Allow everything else

BTW, as best as I can tell, poisoning is redundant in this (slightly 
modified) schema, just strip to /dev/null with a particularly evil 
placeholder inserted.  That way, the perhaps useful body of the message 
will get through.

Hope that helps.

Murray Crane
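
The four-tier schema in the message above, sketched as a per-filename decision function. This is an added example, not code from the post or from the sanitizer itself; the extension lists are constructed samples, and the definition of "double extension" (a listed final extension preceded by another extension-like token) is an assumption.

```python
import re

# Constructed sample lists; the real POISONED_EXTENSIONS / MANGLE_EXTENSIONS
# values are site configuration and are not given in the post.
POISONED_EXTENSIONS = {"vbs", "shs", "pif", "scr"}
MANGLE_EXTENSIONS = {"vbs", "shs", "pif", "scr", "exe", "com", "bat", "doc", "xls"}
QUARANTINE_DIR = "/wherever/quarantine"  # path as written in the post

_EXT_LIKE = re.compile(r"^[A-Za-z0-9]{1,4}$")

def _parts(filename):
    # Drop any path component and trailing dots/spaces before splitting,
    # so a padded name such as "x.vbs ." is still seen as .vbs.
    name = re.split(r"[\\/]", filename)[-1].rstrip(". \t")
    return [p.strip().lower() for p in name.split(".")]

def decide(filename):
    """Return (action, destination) for one attachment filename."""
    parts = _parts(filename)
    if len(parts) < 2 or not parts[-1]:
        return ("allow", None)          # no extension at all
    ext = parts[-1]
    listed = ext in POISONED_EXTENSIONS or ext in MANGLE_EXTENSIONS
    # Assumed definition of "double extension": a listed final extension
    # preceded by another extension-looking token (e.g. "notes.txt.vbs").
    if listed and len(parts) >= 3 and _EXT_LIKE.match(parts[-2]):
        return ("strip", QUARANTINE_DIR)
    if ext in POISONED_EXTENSIONS:
        return ("strip", "/dev/null")
    if ext in MANGLE_EXTENSIONS:
        return ("mangle", None)
    return ("allow", None)

if __name__ == "__main__":
    # Constructed sample filenames.
    for sample in ["notes.txt.vbs", "card.SHS", "setup.exe", "photo.jpg", "README"]:
        print(sample, "->", decide(sample))
```

The order of the checks matters: the double-extension test runs first so that those files reach the quarantine directory instead of being discarded with the rest of the poisoned list.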