[Esd-l] ANN: Procmail Sanitizer 1.139 is released

John D. Hardin jhardin at impsec.org
Sun Sep 7 17:48:26 PDT 2003

The procmail sanitizer has been updated. The current version is 1.139.
It is available via:

US/WA:  http://www.impsec.org/email-tools/procmail-security.html
US/WA:  http://eucleides.com/sanitizer/procmail-security.html
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-security.html
#EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-security.html
#AU:     http://grebopple.accessunited.com.au/email-tools/procmail-security.html
#AU:     http://impsec.fuzzitech.net/email-tools/procmail-security.html

Direct links to the current tarball:

US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/WA:  http://eucleides.com/sanitizer/procmail-sanitizer.tar.gz
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
#EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-sanitizer.tar.gz
#AU:     http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
#AU:     http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz

("commented out" mirrors are temporarily out-of-sync or unavailable)

0c636b1daf96bf12ca188059df43e952  html-trap.procmail
d29c4f6acfbdefed509d88f88f4cdbd3  html-trap.procmail.nomacroscan
2de26938631957065bdcfdf442d2f645  procmail-sanitizer.tar.gz

From the changelog:
09/07/2003 (1.139)
Sanitize bare CR in message headers (Outlook bug).
Sanitize multiple null addresses (sendmail exploit).
Improve the UUE exclusion of the HTML defanger.
Permit spaces after MIME type in MIME headers.
Override csh use, as it is sanitizer-hostile.
Add Microsoft Office Suite VBE buffer overflow attacks to macro scanner.

The sanitizer home page is at

The archive of the sanitizer discussion list is at

The Microsoft Office VBE BO attack detection is the primary attraction
of this release.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
                                  -- John C. Randolph <jcr at idiom.com>
   14 days until Galileo is deorbited
