[Esd-l] Re: Yves Agostini's script

Agostini yves agostini at univ-metz.fr
Thu Feb 26 01:13:15 PST 2004

On Tue 24/02/2004 at 22:23, Smart,Dan wrote:
> I have a question about Yves's script...
> The MANGLE return is set if the zip file only contains poisoned executables,
> however this is only setting MANGLE_EXTENSIONS='zip'.  This isn't enough to
> actually block zip files, as the extension must be in either the "poisoned"
> or "stripped" too, right?  
> If zip is in either poisoned or stripped, this script isn't necessary, as
> all zips will be blocked.
> Why not set this to discard too?
Sorry, I was really busy, and I don't read all the mail from the list...
I will try to reply to Dan:

procmailrc is read by procmail for each mail to be delivered, and the same
thing goes for testzip.pl.
Well, setting MANGLE_EXTENSIONS='zip' alone is an easy way (a tip?)
to mangle (rename the attachment) only the current mail.
MANGLE_EXTENSIONS="$MANGLE_EXTENSIONS|zip" should be better, but I haven't
tested it.

In testzip.pl, if the files look like .exe, .pif, .com ... (see the first
21 lines of poisoned-files), the zip is "mangled";
otherwise, for files such as "hardcore.exe", "wtc.exe", double extensions ... (the
other, more explicit lines from poisoned-files), the current mail is rejected.

But there are some good ideas for the future release:
 - specific ZIPPED_FILES
 - only use CPAN
John, I saw Archive::Zip in CPAN, which is packaged on Debian.
I will try to test it today, to see if it can read only the file names of the zip.
