[Esd-l] Html-trap and received mail from yahoo.com
buckeye+htmltrap at machlink.com
Fri May 17 05:03:01 PDT 2002
I have the following:
html-trap.procmail version 1.128
procmail version 3.15
Sparc 20 running Solaris 2.6
I have started using a script called fetchyahoo.pl which I found at
http://www.freshmeat.net to grab email from my yahoo.com account. I
believe the email is being run through the sanitizer but for some
reason, it is not seeing programs that are included in this email.
For example, late last night, I received this (just the headers and a
>From "tdre"_<tdre at alsrn.o> Thu May 16 23:25:23 2002
X-Apparently-To: fhahn at yahoo.com via web13508.mail.yahoo.com; 16 May
2002 20:48:11 -0700 (PDT)
Return-Path: <mrshekar at earthlink.net>
Received: from hawk.mail.pas.earthlink.net (22.214.171.124)
by mta465.mail.yahoo.com with SMTP; 16 May 2002 20:48:10 -0700 (PDT)
Received: from user-0c8h15n.cable.mindspring.com ([126.96.36.199]
by hawk.mail.pas.earthlink.net with smtp (Exim 3.33 #2)
for fhahn at yahoo.com; Thu, 16 May 2002 20:48:07 -0700
From: "tdre" <tdre at alsrn.o>
To: fhahn at yahoo.com
Subject: So cool a flash,enjoy it
Message-Id: <E178Yit-0001qK-00 at hawk.mail.pas.earthlink.net>
Date: Thu, 16 May 2002 20:48:07 -0700
This is a multi-part message in MIME format...
Content-Type: text/html; name="file.html"
Content-Disposition: attachment; filename="file.html"
<DEFANGED_iframe src=cid:L1B31MD7Eg height=0 width=0>
Content-Type: application/octet-stream; name="align.exe"
Content-Disposition: attachment; filename="align.exe"
In my poison file, I have "*.exe" and it was not quarantined. I also
have "*.scr" and received an email a few days previous to this from
yahoo.com and it was not quarantined either.
This is what I have in my .procmailrc file:
# Settings for html-trap.procmail
# Finished setting up, now run the sanitizer...
# Reset some things to avoid leaking info to
# the users...
Every improvement in communication makes the bore more terrible.
-- Frank Moore Colby
More information about the esd-l