[Esd-l] question on poisoning of file
John D. Hardin
jhardin at impsec.org
Thu Apr 18 12:10:01 PDT 2002
On Thu, 18 Apr 2002, Daniel Marois wrote:
> First I wanted to test the double extension and I sent myself a
> dummy file named test.yxz.xya from another account and I received
> the file without even the sanitizer seeing it (I checked in the
> log and no attachments were seen)
Did you also add .xya to the MANGLE_EXTENSIONS variable? Poisoning and
stripping depend on that.
> I am a little surprised, I always thought that whatever I put in
> the poisoned list will get poisoned.
Not in the current version. Poisoning and stripping only apply to
mangled extensions + MS Office extensions (which are "special").
Future plans are to remove this dependency. See the development files
under http://www.impsec.org/email-tools/development/ for design
thoughts - comments are solicited.
> I did some more testing and I found that all the poisoned names I
> put without any wild card are fine but putting something like
> *.jpg or *.wav does not work. However, the *.com and *.exe work?!
Huh. I'll have to take a look at that. It shouldn't poison an explicit
filename that does not have a MANGLE extension.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"They [media giants] have no idea how to do business with resourceful
human beings rather than passive vegetables. So they run to [the]
government for protection."
-- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
929 days until the Presidential Election