[Esd-l] ANN: Email Sanitizer 1.144 released

John D. Hardin jhardin at impsec.org
Wed Jul 28 18:26:12 PDT 2004

Hash: SHA1

The procmail sanitizer has been updated. The current version is 1.144
It is available via:

US/WA:  http://www.impsec.org/email-tools/procmail-security.html
US/WA:  http://eucleides.com/sanitizer/procmail-security.html
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-security.html
#EU/NO:  http://oftedal.no/~jhardin/email-tools/procmail-security.html
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-security.html
AU:     http://impsec.fuzzitech.net/email-tools/procmail-security.html

Direct links to the current tarball:

US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/WA:  http://eucleides.com/sanitizer/procmail-sanitizer.tar.gz
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
#EU/NO:  http://oftedal.no/~jhardin/email-tools/procmail-sanitizer.tar.gz
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
AU:     http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz

("commented out" mirrors are temporarily out-of-sync or unavailable)

b27ab0472f9d5f68be5e106d9ff59262  html-trap.procmail
c2d5cb20d173f6f5c15ed6f17a99b767  html-trap.procmail.nomacroscan
e5a09dc262a697e4f27c6a5fb353dfd0  procmail-sanitizer.tar.gz

- From the changelog:
07/28/2004 (1.144)
Fix subject line on recipient notification if message was discarded (Thanks to Joe Steele).
Defang webbugs in table elements.
Defang additional HTML tags.
Add $SPOOFED_SENDER handling option for reply control.
Minor bugfix in ZIP file detection and scanning.
Trap poorly-formed BASE64-encoded ZIP attachments (short lines).
Fix bug in BASE64-encoded zipfile decoding.

NOTE: Please either update to this version or apply the
1.139 Smarter-Reply patch from the website. The stock 1.139
sanitizer responds to attack messages with forged sender
addresses. This generates a great deal of useless email

The sanitizer home page is at

The archive of the sanitizer discussion list is at

Version: PGP 5.0
Charset: noconv


 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  The [assault weapons] ban is the moral equivalent of banning red
  cars because they look too fast.
                                   -- Steve Chapman, Chicago Tribune
   47 days until the "Scary-Looking Guns" ban expires

More information about the esd-l mailing list