[Esd-l] Fw: .com file which passed thru the sanityzer

Joe Steele joe at madewell.com
Mon Nov 24 12:36:10 PST 2003


On Monday, November 24, 2003 10:38 AM, Juan Maria Gil wrote:
> Today we have received some emails from a security test sent to us by SecurityMetrics,
> every one of the executables was sanitized but one.
> These are the significant parts of this message:

[snip]

> Content-Disposition: attachment; filename="eicar.=?ISO-8859-1?Q?c?= =?ISO-8859-1?Q?o?=
> =?ISO-8859-1?Q?m?="

The attachment used an encoded filename.  To quote John Hardin: 
"Encoded filenames are a known weakness in the current version. I 
don't know if I will be able to add encoded filename handling soon."

There was a thread on this issue about 5 months ago which discussed 
solutions using local rulesets.  However, the solutions are rather 
simplistic and may not be acceptable for persons who frequently need to 
use filenames containing non US-ASCII characters.  The thread subject 
was "procmail sanitizer and 8-bit attachments":

http://www.spconnect.com/pipermail/esd-l/2003q2/thread.html#4203

--Joe
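
An added example, not part of the original post and not code from the sanitizer: one way to close the gap described above is to decode RFC 2047 encoded-words in the `filename` parameter before testing the extension. The extension list, the function names and the folded sample header are assumptions constructed for this illustration.

```python
import base64
import binascii
import re

# Assumed, partial list of executable extensions for this illustration.
BLOCKED_EXTENSIONS = {"com", "exe", "pif", "scr", "bat", "vbs"}

ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")
# Whitespace (header folding included) between two encoded-words is not displayed.
BETWEEN_WORDS = re.compile(r"(\?=)\s+(?==\?)")
# Plain filename= only; RFC 2231 filename*= would need its own handling.
FILENAME_PARAM = re.compile(r'filename\s*=\s*(?:"([^"]*)"|([^;\s]+))', re.I)

# Constructed sample modelled on the header quoted in the message above.
SAMPLE = ('attachment; filename="eicar.=?ISO-8859-1?Q?c?= =?ISO-8859-1?Q?o?=\r\n'
          ' =?ISO-8859-1?Q?m?="')


def _decode_word(match):
    charset, encoding, payload = match.groups()
    try:
        if encoding.lower() == "q":
            raw = binascii.a2b_qp(payload.encode("ascii"), header=True)
        else:
            raw = base64.b64decode(payload)
        return raw.decode(charset)
    except (LookupError, ValueError):
        return match.group(0)  # leave an undecodable word as written


def decoded_filename(content_disposition):
    """Return the filename as a client that decodes encoded-words sees it."""
    m = FILENAME_PARAM.search(content_disposition)
    if not m:
        return None
    value = m.group(1) if m.group(1) is not None else m.group(2)
    return ENCODED_WORD.sub(_decode_word, BETWEEN_WORDS.sub(r"\1", value))


def is_blocked(content_disposition):
    # Trailing dots and spaces are stripped before the extension is taken.
    name = (decoded_filename(content_disposition) or "").rstrip(". ")
    _, dot, ext = name.rpartition(".")
    return bool(dot) and ext.lower() in BLOCKED_EXTENSIONS


if __name__ == "__main__":
    print(decoded_filename(SAMPLE), is_blocked(SAMPLE))
```

Because the name is decoded rather than rejected, a legitimate attachment whose name contains non US-ASCII characters still passes as long as its decoded extension is not on the list.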


