[Esd-l] FW: [Full-Disclosure] Bypassing SMTP Content
Protection with a Flick of a Button
John D. Hardin
jhardin at impsec.org
Sat Sep 14 09:20:01 PDT 2002
On Fri, 13 Sep 2002, Zilvinas Atkociunas wrote:
> John D. Hardin wrote:
> >
> > The trivial solution is to block message/partial MIME types.
> >
> > I suppose this increases the priority of MIME type support in the
> > poison list...
>
>
> Sorry for a dumb question: How can it be achieved ?
The sanitizer needs to pull out the MIME type in addition to the
filename, and check it against the poison or strip lists.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
95 days until The Two Towers
More information about the esd-l
mailing list