[Esd-l] question on poisoning of file

Daniel Marois DMarois at zoom-media.com
Thu Apr 18 07:32:00 PDT 2002


Hi all,
I have a question regarding the poisoned file.  I tried a few things this
morning and I saw some files get through the sanitizer even if their
extension was in the poisoned list.

First I wanted to test the double extension and I sent myself a dummy file
named test.yxz.xya from another account and I received the file without even
the sanitizer seeing it (I checked in the log and no attachments were seen).
But test.pps.ppt and test.abc.exe were poisoned.

Next I tried a .wav that I blocked a while ago and again it went through
unpoisoned.

I also did a check with a regular .exe file and this one got poisoned.

I then added *.jpg in the poisoned list just to test the sanitizer and the
test got through unpoisoned.

I am a little surprised; I always thought that whatever I put in the poisoned
list will get poisoned.

I did some more testing and I found that all the poisoned names I put
without any wild card are fine but putting something like *.jpg or *.wav does
not work. However, the *.com and *.exe work?!

All my tests were sent from an Outlook 2000 in regular plain text format.

Does this have something to do with the way Outlook encodes the attachment
when it knows (or doesn't) the extension?
I find it strange that the sanitizer will not see some attachments like the
test.yxz.yxz and see others.

Thanks for any insight, and a BIG thanks to John for this incredible piece
of software!!

BTW
I am running the sanitizer 1.333 on a redhat 7
with parts of the latest poisoning file,
procmail v3.14 and sendmail v8.11.0

Daniel Marois
dmarois at zoom-media.com


