[Esd-l] ANN: Procmail sanitizer 1.141 is released

John D. Hardin jhardin at impsec.org
Mon Mar 1 12:14:16 PST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The procmail sanitizer has been updated. The current version is 1.141
It is available via:

US/WA:  http://www.impsec.org/email-tools/procmail-security.html
US/WA:  http://eucleides.com/sanitizer/procmail-security.html
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-security.html
#EU/NO:  http://oftedal.no/~jhardin/email-tools/procmail-security.html
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-security.html
AU:     http://impsec.fuzzitech.net/email-tools/procmail-security.html

Direct links to the current tarball:

US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/WA:  http://eucleides.com/sanitizer/procmail-sanitizer.tar.gz
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
#EU/NO:  http://oftedal.no/~jhardin/email-tools/procmail-sanitizer.tar.gz
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
AU:     http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz

("commented out" mirrors are temporarily out-of-sync or unavailable)

7488a56f2594c8d18c29467d92c9a92b  html-trap.procmail
036087311c82c4830e107ff2fb8ba88a  html-trap.procmail.nomacroscan
832a6915312aff2a310379f01d41b893  procmail-sanitizer.tar.gz

- From the changelog:
03/01/2004 (1.141)
Add scan of ZIP archive attachment index for suspicious files,
quarantine message if found, and options to set ZIP archive policy
(ZIPPED_EXECUTABLES, DISABLE_ZIP_SCAN, ZIPPED_WARNING,
ZIP_MAGIC_WARNING); this also makes the standard POISONED_EXECUTABLES and
STRIPPED_EXECUTABLES lists work for ".zip" attachment filenames.
Reduce false-positives in Windows Magic scanner.
Partial support for CPAN Perl modules instead of external programs for
attachment scanning (USE_CPAN, PVT_CPAN).
Moved the Macro Poison warning text out of the script (MACRO_WARNING).


NOTE: Please either update to this version or apply the
1.139 Smarter-Reply patch from the website. The stock 1.139
sanitizer responds to NovArg/MyDoom attack messages, which
forge the sender address. This generates a great deal of
useless email.


The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html

The archive of the sanitizer discussion list is at
http://www.spconnect.com/mailman/listinfo/esd-l



-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQA/AwUBQEM4HNgi5ua4cy55EQJy2wCfez/FvCZ7MMpyas1L4c+WB7KTtu0AoNQa
4UW29TMMrEh1E8KXn1wBLzxA
=7NMb
-----END PGP SIGNATURE-----

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   33 days until the Slovakian Presidential Election


More information about the esd-l mailing list