[Esa-l]Re: URGENT - sample mail with vbs which passes your sanitizer

Chris Smith csmith at squiz.net
Thu May 10 15:54:14 PDT 2001


if ($ENV{"SECURITY_STRIP_MSTNEF"} && $hdrtxt =~ /^Content-Type:\s+application\/MS-TNEF/i) {   #\

Will this part do it? (This is in 1.128)... It seems to strip the TNEF 
attachment out (lines 719-728) & makes a security notice report.

Or am I missing something and need to switch something on somewhere else? :)

> On Thu, 10 May 2001 06:50:23 -0700 (PDT), John D. Hardin wrote:
> >Ouch.
> >
> >Okay, folks, it looks like it is happening. This HOMEPG worm appears
> >to be propagating as a TNEF attachment in some cases.
> >
> >The 1.0 sanitizer CANNOT sanitize this variant, as it does not peer
> >into TNEF attachments.
>
> John,
> Correct me if I'm wrong here, but turning on SECURITY_STRIP_MSTNEF will
> also prevent this particular avenue of attack, will it not?
>
> Murray Crane
> Sysadmin
> Longbridge International Plc

-- 

     Chris Smith
http://www.squiz.net
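
The Content-Type check discussed in this message, redone as a MIME-aware filter in Python. This is an added example, not part of the original post and not the sanitizer's own code; it goes beyond the quoted test by also flagging parts whose decoded body starts with the TNEF signature when the declared type says something else. The names is_tnef, strip_tnef and sample_message, the notice text and the sample mail are assumptions made for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

TNEF_MAGIC = bytes.fromhex("789f3e22")  # TNEF signature 0x223E9F78, little-endian
NOTICE = "SECURITY NOTICE: an MS-TNEF attachment was removed from this message.\n"

def is_tnef(part):
    """Declared as MS-TNEF (any case), or decoded body starts with the TNEF signature."""
    if part.get_content_type() == "application/ms-tnef":  # value is lower-cased for us
        return True
    body = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
    return body.startswith(TNEF_MAGIC)

def strip_tnef(raw):
    """Replace every TNEF leaf part with a text notice; return (message, count)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = 0
    for part in list(msg.walk()):  # snapshot, since parts are rewritten in place
        if part.is_multipart() or not is_tnef(part):
            continue
        part.set_content(NOTICE)  # drops the old Content-* headers and payload
        removed += 1
    return msg, removed

def sample_message():
    """Constructed sample: body, a declared TNEF part, and a mislabelled one."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("Body text stays.\n")
    blob = TNEF_MAGIC + b"\x00" * 16  # constructed bytes, not a real TNEF stream
    m.add_attachment(blob, maintype="application", subtype="ms-tnef", filename="winmail.dat")
    m.add_attachment(blob, maintype="application", subtype="octet-stream", filename="a.dat")
    # Mixed-case header value, matching the case-insensitive test quoted in the post
    return m.as_bytes().replace(b"application/ms-tnef", b"application/MS-TNEF")

if __name__ == "__main__":
    cleaned, count = strip_tnef(sample_message())
    print(count, [p.get_content_type() for p in cleaned.walk()])
```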


