[Esa-l] Re: Felix Navidad ... Stripping Attachments

Patrick pat at sid-dis.com
Mon Dec 4 15:21:48 PST 2000

Really good job with the sanitizer. Work great. 

I'm just wondering, why not delete everything EXCEPT a list of acceptable
extension for your domain? That way, no need to update the sanitizer every
week to add some new evil extension.

For my domain, accepting only .doc, .xls, .zip, .html and .txt would be
just fine. 
You could scan everything just in case (for macro virus). Other peoples
could add 
whatever they want.

What do you think? Do I am missing something here that prevent the use of
such method?


>Hmm.   As long as stripping can be to a particular quarantine directory ON 
>A PER FILENAME BASIS, then no, least ways, not as far as I am 
>concerned.  I'll be able to do everything I want under this schema:
>   Strip (to /wherever/quarantine) double extension files
>   Strip (to /dev/null) everything else on my current POISONED_EXTENSIONS
>   Mangle the remainder of the MANGLE_EXTENSIONS list
>   Allow everything else

More information about the esd-l mailing list