[Esd-l] Stripping Attachments?
paul at cuenet.com
Sun Jan 13 14:28:00 PST 2002
On Sun, 13 Jan 2002, John D. Hardin wrote:
> Stripping "all except" is not easy in the current incarnation of the
> sanitizer. When the newer policy files model is implemented, you'd be
> able to code something like:
Well I was able to do it with things as is, an easier way might be
> NB: .eml is hazardous, as it's typically base64 encoded and thus not
> (yet) subject to defanging or attachment rules. Also note that .rtf
> doesn't necessarily mean what you think. There was a Word virus a
> while back that saved things in .DOC format files with .RTF filenames,
> thus permitting them to contain macro viruses even though .RTF is not
> macro-enabled. Word doesn't care, it'll happily open the file
> regardless of the filename.
Heh, well this whole little project was insisited on me against my
protests, better judgement and general common sense. Apparently the
mailing list in question is populated with technophobes and blue-haired
old ladies that will have their self-esteem traumatized should someone
ask them to not send various file types to the list as well as asking
them to turn of html in their email program for email bound to the
address of the list. This is truely the wrong solution for all the
wrong reasons, but if the customer isn't 'right', the customer does
However this last week in particular I have been overwhelmed with similar
troubles of people crowding onto the 'net who are insulted if you ask
them to manage their own email programs.
Thanks for your efforts!
"Yesterday's the past and tomorrow's the future. Today is a gift - which
is why they call it the present."
More information about the esd-l