[Esd-l] PPS got thru the sanitizer

Bjarni R. Einarsson bre at klaki.net
Wed Sep 26 18:34:00 PDT 2001


On 2001-09-25, 20:10:17 (+0100)  Simeon W Farrington wrote:
> Hi Rick
> 
> Seems a little odd - I know for certain that I received a .pps file the
> other day, and it certainly did get mangled, not that it helps you of
> course :-(  The set up I have is absolute vanilla at the moment, except for
> an addition of wtc.exe in the poisoned-files list.

My guess is someone sent Rick a .pps attachment where the filename
was for some reason base64 or quoted-printable encoded in the header,
thus slipping by John's filter.  The following are all valid (if a
bit silly) ways to represent the filename for an attachment
"test.pps":

 ... filename="test.pps";
 ... filename="=?ISO-8859-1?Q?test.%70ps?=";
 ... filename="=?ISO-8859-1?B?dGVzdC5wcHM=?=";

As far as I can tell from reading the source, John's current code
would only recognize the first variant, but most email clients will
happily recognize them all.  This sort of problem is one of the main
reasons I went off and wrote the Anomy Sanitizer.

Of course, I could be completely wrong here. :-)

-- 
Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 bre at klaki.net                -><-              http://bre.klaki.net/

Check out my open-source email sanitizer: http://mailtools.anomy.net/
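An added example, not part of the original post and not code from either sanitizer discussed: a filename check that decodes RFC 2047 encoded-words before matching against a poisoned-extension list, compared with matching on the raw header text. The extension list, the sample headers and all function names are constructed for illustration; the Q-encoded sample uses the RFC 2047 `=70` hex escape.

```python
import re
from email.header import decode_header

# Constructed stand-in for a sanitizer's poisoned-extension list.
POISONED_EXTS = (".pps", ".exe")
FILENAME_RE = re.compile(r'filename\s*=\s*"([^"]*)"', re.IGNORECASE)

def raw_filename(header):
    """Return the filename parameter exactly as it appears on the wire."""
    m = FILENAME_RE.search(header)
    return m.group(1) if m else None

def decoded_filename(header):
    """Return the filename after decoding RFC 2047 encoded-words."""
    raw = raw_filename(header)
    if raw is None:
        return None
    parts = []
    for data, charset in decode_header(raw):
        if isinstance(data, bytes):
            try:
                data = data.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label: map bytes 1:1
                data = data.decode("latin-1")
        parts.append(data)
    return "".join(parts)

def is_poisoned(name):
    """Match on the extension, ignoring case and trailing dots or spaces."""
    return bool(name) and name.lower().rstrip(" .").endswith(POISONED_EXTS)

# Constructed sample headers: three spellings of the same attachment name.
SAMPLES = [
    'Content-Disposition: attachment; filename="test.pps";',
    'Content-Disposition: attachment; filename="=?ISO-8859-1?Q?test.=70ps?=";',
    'Content-Disposition: attachment; filename="=?ISO-8859-1?B?dGVzdC5wcHM=?=";',
]

def compare(headers):
    """Per header: (decoded name, caught by raw match, caught after decoding)."""
    return [(decoded_filename(h), is_poisoned(raw_filename(h)),
             is_poisoned(decoded_filename(h))) for h in headers]

if __name__ == "__main__":
    for name, raw_hit, decoded_hit in compare(SAMPLES):
        print(f"{name!r}: raw match={raw_hit}, decoded match={decoded_hit}")
```

A filter built this way should also treat a filename whose encoded-word fails to decode as suspicious rather than letting it through unchecked.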


