[Esd-l] Gap in Sanitizer Protection?

John D. Hardin jhardin at impsec.org
Wed Nov 20 10:50:00 PST 2002

On Wed, 20 Nov 2002, Stephen Sloan wrote:

> The Sanitizer let through a Word document without defanging the
> file name. The file name had two spaces in it, ie.
> xx xxx xxxx.doc
> Do the spaces account for why the filename was not defanged?

No, embedded spaces should not cause a problem. What version of the
sanitizer are you using?

Do you have a copy of the original message so that I can see the
headers? If so, zip it up and send it to me. If you want to generate a
"safe" sample document that exhibits the problem, that's fine. I don't
care about the document itself, just the message headers.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
   28 days until The Two Towers

More information about the esd-l mailing list