[Esa-l] ANN: Sanitizer 1.130 released

John D. Hardin jhardin at impsec.org
Sat Sep 8 13:45:01 PDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The procmail sanitizer has been updated. The current version is 1.130
It is available via:

US:  http://www.impsec.org/email-tools/procmail-security.html
NO:  http://jhardin.oftedal.no/email-tools/procmail-security.html
AU:  http://grebopple.accessunited.com.au/email-tools/procmail-security.html
AU:  http://impsec.fuzzitech.net/~jhardin/email-tools/procmail-security.html

- From the changelog:

09/08/2001 (1.130)
Moved the embedded "attachment mangled" and "TNEF stripped" texts to
environment variables to improve customizability and reduce the size of the
Sanitizer perl script; see $POISONED_WARNING and $TNEF_WARNING.
Added $SECURITY_DEFANG_SIGNED to allow defanging of signed messages if
you're willing to accept that they will fail the signature check.
Added $SECURITY_TRUST_HTML to disable HTML defanging.
Moved encoded-character decoding to earlier in the HTML defanging process,
so that an obscured tag like "<SCR&amp;#73;PT>" will be properly defanged.
Added defanging of the <LINK> tag.
Added support for mangling and poisoning files with Microsoft Class-ID
extensions.
Added a check for "already quarantined", so that if your local-rules
script has marked a message to be quarantined the main sanitizer perl
script will be skipped - this saves time processing the message.
Various changes in coding to reduce the size of the sanitizer Perl script -
it should now work successfully on AIX and other OSes with relatively small
command-line size limits. ("Relatively small" he says... :)
Added attempt to defang background images in case they are used as webbugs.
Added a version with the macro scanning code removed to save space and
time if it's not being used.

IMPORTANT NOTE: If you want to mangle CLSID filenames (a good idea) you
MUST update to 1.130 - putting the CLSID regexp into $MANGLE_EXTENSIONS
will wedge a pre-1.130 sanitizer.

The opt-out processor is still cooking. I just realized that the suggested
code clears defaults. Otherwise it would have been included in this
announcement.

The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html


-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQA/AwUBO5p0vdgi5ua4cy55EQKZ3ACeLB41nxe6KjHKyRtMiK14ahqwipYAoK/R
NifEC7Ufc0J4XXQe+In/eyOl
=8/C+
-----END PGP SIGNATURE-----

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
   1151 days until the Presidential Election



More information about the esa-l mailing list