[Esd-l] Making procmail play "nice"
John D. Hardin
jhardin at impsec.org
Sat Sep 27 19:59:14 PDT 2003
On Sat, 27 Sep 2003, Brett Glass wrote:
> At 02:06 PM 9/27/2003, John D. Hardin wrote:
>
> >If a disposition header is present (QUARANTINE, DISCARD) there's
> >nothing for the perl script to do (e.g. it can't veto the quarantine
> >disposition) so it's skipped.
>
> As I understand it, the message is still searched for "poisoned"
> attachments, etc. This can (and does!) override the disposition
> specified in the local rule in the case of Swen. To keep the
> Sanitizer from doing this, you have to make a delivering recipe
> that logs the attack and sends the message off to /dev/null.
Nope. The conditions controlling whether the main perl script runs:
# MIME attachments and general header sanitizing
:0
* !$ ^X-Content-Security: \[${HOST}\] (QUARANTINE|DISCARD)
It does not run if a disposition header exists in the RFC822 headers.
Note, however, that the UUE checks *do* still take place. I overlooked
bypassing those.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
39 days until Matrix Revolutions
More information about the esd-l
mailing list