[Esd-l] ANN: Procmail Sanitizer 1.134 released

John D. Hardin jhardin at impsec.org
Sun Apr 21 16:51:01 PDT 2002

Hash: SHA1

The procmail sanitizer has been updated. The current version is 1.134
It is available via:

US/WA:  http://www.impsec.org/email-tools/procmail-security.html
US/FL:  http://stonewall.lbhs.net/~jhardin/email-tools/procmail-security.html
EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-security.html
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-security.html
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-security.html
AU:     http://impsec.fuzzitech.net/email-tools/procmail-security.html

Direct links to the current tarball:

US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/FL:  http://stonewall.lbhs.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-sanitizer.tar.gz
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
AU:     http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz

- From the changelog:

Customize the MTA command line, to allow for newer sendmail command
 line options and non-sendmail MTAs: $MTA_FLAGS_CMDLN and
Mangle MIME types in deferred headers if appropriate.
Improve encoded-filename handling.
Set Errors-To: header.
Put the version number in the $NOTIFY message.
Fix no-LOGFILE-breaks-UUE-sanitization bug.
Defang quotes-in-extension Outlook attack.
Add WMA and WMV to mangled executable extensions, per bugtraq.
Fix trailing periods in addition to trailing whitespace - Windows drops
 trailing periods from filenames without warning.
Work around memory allocation error in procmail v3.22.
Add the OnContextMenu and OnDragStart events to HTML
Improved recipient address parsing for logs and bounce messages.
Minor procmail efficiency enhancements.

The sanitizer home page is at

The archive of the sanitizer discussion list is at

Version: PGP 5.0
Charset: noconv


 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 "They [media giants] have no idea how to do business with resourceful
  human beings rather than passive vegetables. So they run to [the]
  government for protection."
                    -- Doc Searls on the SSSCA, in Linux Journal
   926 days until the Presidential Election

More information about the esd-l mailing list