[Esd-l] Can't get Procmail-security to work...
Chris Payne
cpayne at pr.uoguelph.ca
Sun Oct 28 20:22:01 PST 2001
I too have seen people sending MS Word docs to our users
in a bizarre manner...
filename: jdoe at domain.com.resume.doc
What the heck is this? It turns out to be a new applicants'
resume, and it gets poisoned by the standard rules. I don't
mind poisoning the files if this is the senders fault for
bad filenames though.
Chimpanzee's shouldn't own computers.
- Chris Payne
--
Chris Payne
cpayne at pr.uoguelph.ca
jhardin at impsec.org wrote:
> On Thu, 25 Oct 2001, Brett Glass wrote:
>
> > Here's a "poisoned" file that we have used with John's sanitizer.
> > Note that it does produce the occasional "false positive," most
> > often when users naively use an attachment file name such as
> > "Plan.rev.doc". But the security is well worth it.
> >
> > --Brett
> >
> > *.[a-z][a-z][a-z0-9].[a-z0-9]+
>
> I've been bothered by the same thing for a while.
>
> I'm considering changing the default poisoned list to something like:
>
> *.[a-z][a-z][a-z0-9].(com|exe|bat|pif|dll|etc...)
>
> so that multiple-extension documents don't automatically get poisoned.
>
> Any comments?
>
> --
> John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
> jhardin at impsec.org pgpk -a finger://gonzo.wolfenet.com/jhardin
> 768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
> 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
> does quite what I want. I wish Christopher Robin was here."
> -- Peter da Silva in a.s.r
> -----------------------------------------------------------------------
> Tomorrow: Daylight Savings Time ends
> _______________________________________________
> Esd-l mailing list
> Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l
>
>
More information about the esd-l
mailing list