anomy-list

Announcing sanitizer.pl, revision 1.44

From: Bjarni R. Einarsson (23829@xyz.molar.is)
Date: Thu 11 Oct 2001 - 19:45:08 UTC

  • Next message: Javier A. Del Pino Coronel: "sanitizer with Solaris 8"

    Finally, finally...

    First of all: I didn't have time to go through my entire incoming patch
    collection, so stuff some of you have contributed isn't in this
    release, although I promised that it would be. Sorry about that!

    Also, since this release contains quite a few relatively important bug
    fixes - including one bug which could cause attachment corruption - I
    decided to rush it out without updating all the documentation. Again,
    sorry.

    Hopefully I'll make a 1.45 release soon to address these issues.

    Highlights in this release:

      - Mangling of cid: URLs. This is necessary, since a CID which looks
            like a file name will be treated like a filename by all unpatched
            Explorer-based HTML renderers (recent Eudoras and Outlooks, to name
            the biggies). So people could send you an executable named
            blah.jpg, with the content-ID blah.exe - and Explorer would happily
            execute it without even asking for permission. Big hole.

            The downside is, my CID: defanging is way too aggressive - it
            causes way too many false positives, and unfortunately has the
            drawback of making attachments appear to "vanish" in certain
            mailers which don't provide an icon for the file, but count on the
            HTML to display it instead (which it doesn't do because I mangle
            the CID: url).

            This is pretty high on my list of Things I Need To Fix For Work, so
            hopefully it'll be addressed within the next few releases.

      - Fixed a very stupid bug in the scanner plugin code.

      - Fixed a bad bad bug in the Base64 code, which would corrupt some
            files if people were using "feat_log_inline = 2".

      - Fixed a bug in the boundary ambiguity-handling code.

      - Added a bunch of little features for us hacker types, see the
            CHANGELOG file for detauls.

    Enjoy!

    Also: My employer's virus scanner F-Prot is now available for free
    (as a beta release) for the Linux platform. It should work great
    with the Sanitizer. See http://www.frisk.is/ for info. We could
    use your feedback. :-)

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     23829@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/



    hosted by molar.is