[Esa-l] ANN: Sanitizer update - 1.129

John D. Hardin jhardin at wolfenet.com
Sun Apr 15 09:15:53 PDT 2001


Sorry this took so long...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The procmail sanitizer has been updated. The current version is 1.129
It is available via:

US:  http://www.impsec.org/email-tools/procmail-security.html
EU:  ftp://kanon.net/pub/jhardin/antispam/procmail-security.html
AUS: http://grebopple.accessunited.com.au/email-tools/procmail-security.html

- From the changelog:

04/14/2001 (1.129)
Detect and truncate Subject: headers longer then 250 characters, to
protect Outlook Express users.
Add VCF and NWS to the default MANGLE_EXTENSIONS list.
Only defang HTML in message body, to avoid defanging email addresses
like < meta.smith at example.org >.
Change macro scanner to allow detailed reporting of what it finds; if
you add SCORE_DETAILS=YES to your sanitizer configuration, the
sanitizer will now tell you why it is considering a document to be
poisoned - thanks to Brian D. Hanna for the original version of this.
Modified macro score logging to include the recipient name (only
meaningful if the sanitizer is running on the same system as the user
mailboxes) - thanks to Peter Burkholder for his patch.
Changed default filename to "default.txt" to try to force Windows to
treat it safely.
Fixed the REPORT bug from 1.128.
Changed the canned reply text a bit to make it more clear that
security policy can involve more than just a virus scanner.

The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html


-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQA/AwUBOtm6x9gi5ua4cy55EQLPpwCg4LgHoKmqUn6E8aNDWoPPiRBACbIAoJz1
UHjLWw+H0G5ocXWN0JZrUSJv
=pVNo
-----END PGP SIGNATURE-----

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  An entitlement beneficiary is a person or special interest group
  who didn't earn your money, but demands the right to take your
  money because they *want* it.
                                  -- John McKay, _The Welfare State:
                                     No Mercy for the Middle Class_
-----------------------------------------------------------------------
   1297 days until the Presidential Election




More information about the esd-l mailing list