[Esd-l] Fw: .com file which passed thru the sanityzer

Joe Steele joe at madewell.com
Mon Nov 24 12:36:10 PST 2003

On Monday, November 24, 2003 10:38 AM, Juan Maria Gil wrote:
> Today we have received some emails from a security test sent to us by SecurityMetrics,
> eveyone of the executables were sanitized but one.
> This is the significative parts of this message:


> Content-Disposition: attachment; filename="eicar.=?ISO-8859-1?Q?c?= =?ISO-8859-1?Q?o?=
> =?ISO-8859-1?Q?m?="

The attachment used an encoded filename.  To quote John Hardin: 
"Encoded filenames are a known weakness in the current version. I 
don't know if I will be able to add encoded filename handling soon."

There was a thread on this issue about 5 months ago which discussed 
solutions using local rulesets.  However, the solutions are rather 
simplistic and may not be acceptable for persons who frequently need to 
use filenames containing non US-ASCII characters.  The thread subject 
was "procmail sanitizer and 8-bit attachments":



More information about the esd-l mailing list