[Esa-l] ANN: Sanitizer update

John D. Hardin jhardin at wolfenet.com
Tue Sep 19 14:19:30 PDT 2000

Hash: SHA1

The procmail sanitizer has been updated. The current version is 1.118
It is available via:

US: http://www.impsec.org/email-tools/procmail-security.html
US: ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
CAN: ftp://netserv.on.ca/pub/jhardin/antispam/procmail-security.html
EU: ftp://kanon.net/pub/jhardin/antispam/procmail-security.html

- From the News section of the home page:

Added .DLL, .MDA and .MDW to the default mangle list - if you are maintaining
custom mangle lists, you should update them. You probably also want to add
*.DLL to your poisoned-attachments list.
Modified the macro scanner slightly to reduce the chance of false positives on
Excel spreadsheets.
Added From:, Status:, X-Status: and X-Keywords: to the excessively-long headers
check since UW IMAP is vulnerable to overflows in these.
Increased the Excessively Long Header length to 512 characters to further
reduce false positives.

Also, the sanitizer, home page, gateway nano-HOWTO and a list of poisoned
filespecs is now available as a tarball.

The sanitizer home page is moving to

Version: PGP 5.0
Charset: noconv


 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
   40 days until Daylight Savings Time ends

More information about the esd-l mailing list