[Esd-l] Email Sanitizer identify zip as Office attachments

John D. Hardin jhardin at impsec.org
Wed Apr 21 14:19:02 PDT 2004

On Wed, 21 Apr 2004, mikechiarappa at libero.it wrote:

> For test I have sended an email with the attach file
> [fakevirus.zip] and have noted in [procmail.log] this row:
> Checking Office document "=?iso-8859-1?Q?fakevirus.zip?=" for poisoning.  

> Seems that Sanitizer don't recognize attachment as a zip file
> but as an Office file.

Yeah, the encoding appears to have confused it. Thanks, I'll fix that
tonight. Grab the development snapshot tomorrow.


 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  Bush? Kerry? I'm so sick of our elections always being "choose the
  lesser of two evils."
   195 days until the Presidential Election

More information about the esd-l mailing list