[Esd-l] Important vulnerability to watch for in e-mail scanners/sanitizers

John D. Hardin jhardin at impsec.org
Tue Apr 2 19:47:00 PST 2002

On Tue, 2 Apr 2002, Brett Glass wrote:

> >The MS-Windows operating system on the
> >other hand disregards a dot at the end of a file name. When Windows is
> >given a file name ending with a dot, it will automatically remove the
> >dot from the file name extension. When Outlook or Outlook Express
> >receives a file name that ends with a dot, it will present the dot, but
> >will launch the appropriate application when the file is double-clicked,
> >as if the dot does not exist.

Sigh. Why does this not surprise me? I suppose it behaves the same way
with trailing spaces. Anyone care to wager?

I suppose I'll add the option to ignore or strip from filenames ANY
trailing punctuation marks or whitespace. Or rather, default to doing
so and an option to suppress that so that the sanitizer "fails

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 "They [media giants] have no idea how to do business with resourceful
  human beings rather than passive vegetables. So they run to [the]
  government for protection."
                    -- Doc Searls on the SSSCA, in Linux Journal
   945 days until the Presidential Election

More information about the esd-l mailing list