[Esd-l] Poison Files

John D. Hardin jhardin at impsec.org
Sat Jan 18 09:36:01 PST 2003


On Sat, 18 Jan 2003, Scott Taylor wrote:

> >Something like:
> >
> >Checking "10th July 2002   claire.doc.scr" for poisoning.
> >   Checking against ".*\.asd(\?=)?$"
> >   Checking against ".*\.bat(\?=)?$"
> >   Checking against ".*\.chm(\?=)?$"
> >   Checking against ".*\.com(\?=)?$"
> >   Checking against ".*\.cil(\?=)?$"
> >   Checking against ".*\.dll(\?=)?$"
> >   Checking against ".*\.hlp(\?=)?$"
> >   Checking against ".*\.hta(\?=)?$"
> 
> Nothing like that at all, John.  I see a lot of Perl code; the log
> for a single test is 23K of mostly Perl code.

Yeah, unfortunately turning on verbose logging also logs the script.

All of the logging from the script processing would appear after the
script itself gets logged.

If you process an email with a file attachment whose extension is in
the MANGLE list, you *should* see the script checking that filename
against all of the filespecs in the STRIP and POISON lists.

If you don't, then either (1) the extension isn't in the MANGLE list,
or (2) the script doesn't think there are STRIP or POISON lists.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
-----------------------------------------------------------------------
   654 days until the Presidential Election
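
Added example (not part of the original message, and not the sanitizer's own Perl code): a small Python model of the check order described above, useful for reasoning about why no "Checking against" lines show up in a log. The function name, the verdict strings, the STRIP-before-POISON order, the case folding and the "for stripping" log wording are assumptions; the filespecs and the "for poisoning" log format are copied from the quoted log excerpt.

```python
import re

# Filespecs copied from the log excerpt quoted in the message.
# The optional (\?=) tolerates a trailing MIME encoded-word terminator.
POISON_SPECS = [r".*\.asd(\?=)?$", r".*\.bat(\?=)?$", r".*\.chm(\?=)?$",
                r".*\.com(\?=)?$", r".*\.cil(\?=)?$", r".*\.dll(\?=)?$",
                r".*\.hlp(\?=)?$", r".*\.hta(\?=)?$"]

def check_attachment(filename, mangle_exts, strip_specs, poison_specs):
    """Return (verdict, log_lines) for one attachment filename.

    Hypothetical model: the filename is only compared against the
    STRIP/POISON filespecs if its extension is in the MANGLE list.
    """
    log = []
    name = filename.lower()                      # assumption: case-insensitive
    stem = name[:-2] if name.endswith("?=") else name
    ext = stem.rsplit(".", 1)[-1] if "." in stem else ""

    # Cause (1) from the message: extension is not in the MANGLE list.
    if ext not in mangle_exts:
        return "skipped: extension not in MANGLE list", log
    # Cause (2): the script does not see any STRIP or POISON list.
    if not strip_specs and not poison_specs:
        return "skipped: no STRIP or POISON lists", log

    # Assumed order: STRIP list first, then POISON list.
    for action, verdict, specs in (("stripping", "stripped", strip_specs),
                                   ("poisoning", "poisoned", poison_specs)):
        if not specs:
            continue
        log.append(f'Checking "{filename}" for {action}.')
        for spec in specs:
            log.append(f'   Checking against "{spec}"')
            if re.match(spec, name):
                return verdict, log
    return "passed", log

if __name__ == "__main__":
    sample = "10th July 2002   claire.doc.scr"   # filename from the quoted log
    # Constructed MANGLE lists: one containing "scr", one without it.
    for mangle in ({"scr", "bat"}, {"exe"}):
        verdict, lines = check_attachment(sample, mangle, [], POISON_SPECS)
        print(f"MANGLE={sorted(mangle)} -> {verdict}")
        print("\n".join(lines))
```

An empty log together with a "skipped" verdict corresponds to the two causes listed in the message; a full run of "Checking against" lines with no match means the lists were seen but none of their filespecs covers the extension.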


