[Esd-l] ANN: Sanitizer 1.133 released

John D. Hardin jhardin at impsec.org
Sun Jan 6 10:34:00 PST 2002

On Sat, 5 Jan 2002, Brett Glass wrote:

> >Can you give me a useful example of a backreference in a filespec?
> Any worm that generates names with repeating characters or patterns.
> There are a few; I was thinking of coding them in.

I have a testbed for that sort of thing. Give me a sample filename and
a suggested spec and I'll try it out. If it doesn't work I'll try to
get it to work.
> By the way, one feature I'd like to see in the "poisoned" list: a
> second field, after the file name, that lets you (optionally) tag
> the poisoned name with a message to be used when the name is
> discovered. This would be useful to identify worms to the
> administrator and/or a person receiving an automatic response.
> Right now, my local recipes generate such strings but the general
> poisoning mechanism does not.

In the 2.0 experimental code the format for the policy file includes a
slot for specifying a custom response file for a given spec. I'll
probably implement that soon as a more general solution rather than
just a single string.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  Monty Python's Star Trek Voyager:
  A successful trans-warp experiment turns Paris and Janeway into
  newts, but they get better.
  ...wait a minute... It's already been done...
   13 days until Babylon 5: the Legend of the Rangers

More information about the esd-l mailing list