[Esa-l] ANN: Sanitizer update

John D. Hardin jhardin at wolfenet.com
Sat Feb 3 10:32:05 PST 2001

Hash: SHA1

The procmail sanitizer has been updated. The current version is 1.127
It is available via:

US:  http://www.impsec.org/email-tools/procmail-security.html
US:  ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
EU:  ftp://kanon.net/pub/jhardin/antispam/procmail-security.html

- From the changelog:

02/03/2001 (1.127)
Added the <LAYER> tag to HTML defanging; this is
primarily of interest to people running webmail programs.
The sanitizer now recurses into multipart attachments in addition to
RFC822 attachments; the only hole left now is defanging BASE64-encoded
HTML attachments.
If a file attachment does not have a filename specified, a default
filename will be provided; this should prevent some social-engineering
attacks on Outlook users.
Modified the Office Macro scanner a bit; some code used in
default-template infector macros was being ignored, and some false
positives were being generated.

The sanitizer home page is at

Version: PGP 5.0
Charset: noconv


 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  The question of whether people should be allowed to harm themselves
  is simple. They *must*.
                                  -- Charles Murray
   7 days until she returns

More information about the esd-l mailing list