[Esd-l] Email Sanitizer identify zip as Office attachments

John D. Hardin jhardin at impsec.org
Wed Apr 21 14:19:02 PDT 2004


On Wed, 21 Apr 2004, mikechiarappa at libero.it wrote:

> For test I have sended an email with the attach file
> [fakevirus.zip] and have noted in [procmail.log] this row:
>   
> Checking Office document "=?iso-8859-1?Q?fakevirus.zip?=" for poisoning.  

> Seems that Sanitizer don't recognize attachment as a zip file
> but as an Office file.

Yeah, the encoding appears to have confused it. Thanks, I'll fix that
tonight. Grab the development snapshot tomorrow.

Sorry!

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Bush? Kerry? I'm so sick of our elections always being "choose the
  lesser of two evils."
-----------------------------------------------------------------------
   195 days until the Presidential Election


More information about the esd-l mailing list