[Esd-l] (not) mangling ".bat" files

John D. Hardin jhardin at impsec.org
Thu Jul 11 07:00:01 PDT 2002


On Thu, 11 Jul 2002, Robert Trebula wrote:

> I have verified that all messages named ".exe", ".bat" and so on
> bypass the sanitizer without being defanged or marked as poisoned.
> Tested on the newest html-trap.procmail.
> 
> I think this is a serious issue because windows handle such files
> like all other executable files.

Thanks for the report.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
-----------------------------------------------------------------------
   316 days until The Matrix Reloaded



More information about the esd-l mailing list