From jhardin at impsec.org Fri Jul 11 09:23:43 2014
From: jhardin at impsec.org (John Hardin)
Date: Fri, 11 Jul 2014 09:23:43 -0700 (PDT)
Subject: [esa-l] Procmail Sanitizer updates
Message-ID:

Folks:

In the immortal words of the peasant in the plague-ridden medieval English village: "I'm not dead yet!"

While development of the sanitizer has greatly slowed since 2006, I am still using it in production and I am still modifying it from time to time as the nature of email and exploits change.

The most recent modification is a change to the Office macro scanner code to detect and score Office documents that attempt to download malware off the Internet. This change detects an Office document attack I received a few days ago that is getting essentially zero antivirus detection at this point.

If you are still using the sanitizer, please consider visiting the website and downloading the development snapshot. It is stable even though it has not been officially released - it's been in continuous production use on my mailserver for years.

http://impsec.org/email-tools/procmail-security.html

And I am still here, please don't hesitate to get in touch.

(Now to see how many unsubscribes this generates...)

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy people do with *anything* is not a valid argument for banning that item. -- John C. Randolph
-----------------------------------------------------------------------
5 days until the 69th anniversary of the dawn of the Atomic Age