From jhardin at wolfenet.com  Tue Nov  9 22:12:17 1999
From: jhardin at wolfenet.com (John D. Hardin)
Date: Mon Dec 26 10:17:41 2005
Subject: [esa-l] ANN: Sanitizer update
Message-ID: <Pine.LNX.4.10.9911092208290.9352-100000@gypsy.rubyriver.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The procmail sanitizer has been updated. The current version is 1.94
It is available via http://www.wolfenet.com/~jhardin/procmail-security.html

- - - From the News section of the home page:

11/09/99 Fixed another DoS bug tickled by MIME filenames containing certain
Perl regular expression characters - for example, filename="file (1).exe"
would cause an infinite loop.

News flash:
<A HREF="http://www.securityfocus.com/level2/bottom.html?go=vulnerabilities&id=775">Microsoft
Outlook and Outlook Express are now subject to Active HTML trojan horse
attacks</A>. Make sure your email clients have scripting disabled.

-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQA/AwUBOCj+etgi5ua4cy55EQLkBACg5o4xS1SdPU2LFyqVg/EJJZNXNqEAoOsN
KBtCLDU9ezDKvM0XqviyV3A6
=3Dnj
-----END PGP SIGNATURE-----

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin@wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Monty Python's Star Trek Voyager:
  A successful trans-warp experiment turns Paris and Janeway into
  newts, but they get better.
  ...wait a minute... It's already been done...
-----------------------------------------------------------------------
   8 days until Leonid meteor shower


--------------------------------------------------------------------------
To remove yourself from the Email-Security-Announce list, send a message
with the subject of "unsubscribe" to esa-l-request@spconnect.com.

From jhardin at wolfenet.com  Sun Nov 14 17:11:54 1999
From: jhardin at wolfenet.com (John D. Hardin)
Date: Mon Dec 26 10:17:41 2005
Subject: [esa-l] Status update: Bubbleboy
Message-ID: <Pine.LNX.4.10.9911141700090.24997-100000@gypsy.rubyriver.com>


Bubbleboy isn't that interesting; it's an embedded VBScript script
that makes use of a hole in an ActiveX control to write another
VBScript script into the user's startup folder. The sanitizer defangs
it effectively, preventing execution.

Bubbleboy source code is available via:

   http://www.virusexchange.org/tally/author.html

which has a link to the website of the author, "Zulu".

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin@wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Monty Python's Star Trek Voyager:
  A successful trans-warp experiment turns Paris and Janeway into
  newts, but they get better.
  ...wait a minute... It's already been done...
-----------------------------------------------------------------------
   3 days until Leonid meteor shower



--------------------------------------------------------------------------
To remove yourself from the Email-Security-Announce list, send a message
with the subject of "unsubscribe" to esa-l-request@spconnect.com.