[Esd-l] question on poisoning of file

John D. Hardin jhardin at impsec.org
Thu Apr 18 12:10:01 PDT 2002


On Thu, 18 Apr 2002, Daniel Marois wrote:

> First I wanted to test the double extension and I sent myself a
> dummy file named test.yxz.xya from another account and I received
> the file without even the sanitizer seeing it (I checked in the
> log and no attachments were seen)

Did you also add .xya to the MANGLE_EXTENSIONS variable? Poisoning and
stripping depend on that.

> I am a little surprised, I always thought that whatever I put in
> the poisoned list will get poisoned.

Not in the current version. Poisoning and stripping only apply to
mangled extensions + MS Office extensions (which are "special").

Future plans are to remove this dependency. See the development files
under http://www.impsec.org/email-tools/development/ for design
thoughts - comments are solicited.

> I did some more testing and I found that all the poisoned names I
> put without any wild card are fine but putting something like
> *.jpg or *.wav does not work. However, the *.com and *.exe works ?!

Huh. I'll have to take a look at that. It shouldn't poison an explicit
filename that does not have a MANGLE extension.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 "They [media giants] have no idea how to do business with resourceful
  human beings rather than passive vegetables. So they run to [the]
  government for protection."
                    -- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
   929 days until the Presidential Election


