anomy-list

Announcing sanitizer.pl, revision 1.45

From: Bjarni R. Einarsson (26588@xyz.molar.is)
Date: Wed 12 Dec 2001 - 18:12:59 UTC


    Yet another long-overdue release. :-)
    Get it from here:

      http://mailtools.anomy.net/dist/anomy-sanitizer-1.45.tar.gz

    The changelog entry for this release follows in its entirety - lots
    of stuff changed.

    I've been swamped in work and have totally lost track of my incoming
    patch/contrib submissions. Those of you who submitted useful stuff to
    me and don't see it in this release, please bear with me and resubmit.
    Sorry. :-/

    In other news, I'm happy to verify that the Sanitizer has (at least
    for me) lived up to its promise of blocking direct, email-based
    attacks as well as the usual worms and viruses. A few days after the
    BadTrans outbreak, a message was sent to me which was formatted like
    BadTrans (tried to exploit the same Outlook auto-execution bug), but
    contained a completely unknown payload (no antivirus programs I had
    access to recognized it at the time). It's since been added to
    F-Prot's database as W32/HLLW.Explo, I don't know about the other
    vendors.

    Basically, someone tried to send me some trojan or "rootkit" and the
    Sanitizer blocked it. I thought it was pretty cool to have this
    "theoretical" benefit of the Sanitizer verified in this way. :-)

    Anyway, the changelog:

    Revision 1.45:

        WARNING: Scoring works again - but not like it used to!
        WARNING: The default configuration has been updated quite a bit,
                  and does some NEW THINGS. You have been warned.

        Most test cases were modified for this release (I've gotta start
        releasing things more often...).

        Almost complete rewrite of HTML sanitization code, to switch from a
        default-allow to default-deny strategy. Primary benefits:

          - Old problem with <style> blocks becoming visible solved.
          - Rudimentary support for simple (safe) style markup.
          - Defangs non-standard HTML introduced by recent MS Office products.
          - CID defanging is more precise.
          - A few safe META and LINK tags are now recognized, fixing (for example)
            problems with charset-definitions.
          - Web-bugs can now be optionally defanged (feat_webbugs).
          - Initial measurements at FRISK indicate that the "false-positive"
            rate is somewhat lower than before. Plenty of room for improvement
            though...

        The html_evil_tags and html_javascript configuration variables are no
        longer used by the Sanitizer.

        MIMEStream now guesses boundary strings for multipart/ parts, if no
        boundary string is specified in the header. The Sanitizer adds the
        missing boundary string to the Content-Type header, if found and
        feat_fixmime=1.

        This release re-introduces ! policies and the score_bad feature,
        although the semantics are slightly different - see the manual for
        details. The score_panic, score_panic_code and score_bad_code
        variables (and features) have been removed. For semi-safe backwards
        compatibility, the panic policy acts just like the drop policy.

        The default configuration was dramatically improved (it's now very
        close to my "recommended" configuration, although it obviously lacks
        a proper virus scanner). It should now be easier to "tweak" the
        config to change policies for classes of files or add a virus
        scanner, without having to copy whole rules.

        Added feat_log_after, which formats messages in such a way as to
        facilitate after-the-fact insertion of logs into messages, without
        forcing the log process to rewrite the entire message.

        Fixed a bug in the Sanitizer where certain "fixes" made to the message
        headers could get lost if "feat_log_inline = 2" was used. Also fixed
        minor glitches within MIMEStream.

        Minor tweaks to header encoding routines.

        Added sanity-checks for certain MIME types, which defang the attachment
        if the name doesn't match the MIME type. This blocks (amongst other
        things) the audio/x-wav exploit commonly used by Nimda, BadTrans and others.

        Fixed an ugly bug to do with handling of nested multiparts. I'm not
        sure whether this was present in 1.44 or not.
        
        Added incomplete support for RFC2231 MIME Parameter Value and Encoded
        Word Extensions. This needs more work.
        
        Modified header checks to allow longer individual words within headers
        (the limit was 128 characters, raised it to 196). Relaxed the checks
        on subject lines quite a bit as well - they were downright irritating.

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     26588@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/
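Two of the changelog items in the announcement above describe checks that are easy to reproduce on the defending side: guessing a multipart boundary when the Content-Type header omits it (the feat_fixmime behaviour), and defanging an attachment whose filename does not fit its declared MIME type (the audio/x-wav trick the text attributes to Nimda and BadTrans). The Python below is an added illustration written for this archive page, not code from the Anomy Sanitizer or from its author; the boundary-guessing heuristic, the extension table, the ".DEFANGED" renaming policy and both sample messages are constructed assumptions, and the header handling assumes an unfolded Content-Type line.

```python
"""Toy MIME sanitizer pass (constructed example, not Anomy's code):
1. guess a missing multipart boundary from the body and repair the header,
2. flag attachments whose filename extension is not allowed for the
   declared Content-Type, and relabel/rename them so a mail client will
   not auto-open them."""
import re
from email import policy
from email.parser import BytesParser

# Declared MIME types that may only carry files with these extensions.
# Constructed table for the example; a real deployment would be longer.
EXPECTED_EXTENSIONS = {
    "audio/x-wav": {".wav"},
    "audio/wav": {".wav"},
    "image/jpeg": {".jpg", ".jpeg"},
    "image/gif": {".gif"},
    "application/pdf": {".pdf"},
}

# A boundary marker line is "--" + boundary (RFC 2046 characters), with a
# trailing "--" on the closing marker.  Non-greedy so "--x--" parses as x + "--".
MARKER_RE = re.compile(rb"^--([0-9A-Za-z'()+_,\-./:=?]{1,70}?)(--)?\r?$", re.M)
# Top-level multipart Content-Type header (assumes the header is not folded).
CT_RE = re.compile(rb"^(Content-Type:[ \t]*multipart/[^\r\n]*)", re.I | re.M)
BOUNDARY_PARAM_RE = re.compile(rb"boundary\s*=", re.I)


def guess_boundary(body):
    """Pick the token whose '--token' line appears at least twice, or once
    together with a closing '--token--'.  Ties go to the most frequent."""
    opens, closes = {}, set()
    for m in MARKER_RE.finditer(body):
        token = m.group(1)
        if m.group(2):
            closes.add(token)
        else:
            opens[token] = opens.get(token, 0) + 1
    candidates = [t for t, n in opens.items() if n >= 2 or t in closes]
    if not candidates:
        return None
    return max(candidates, key=lambda t: (opens[t], t in closes))


def fix_missing_boundary(raw):
    """If the top-level Content-Type is multipart/* without a boundary
    parameter, guess the boundary from the body and add it to the header."""
    m = re.search(rb"\r?\n\r?\n", raw)          # end of the header block
    if m is None:
        return raw
    headers, body = raw[:m.start()], raw[m.start():]
    ct = CT_RE.search(headers)
    if ct is None or BOUNDARY_PARAM_RE.search(ct.group(1)):
        return raw                               # not multipart, or already fine
    boundary = guess_boundary(body)
    if boundary is None:
        return raw
    fixed = ct.group(1) + b'; boundary="' + boundary + b'"'
    return headers[:ct.start()] + fixed + headers[ct.end():] + body


def find_mismatches(msg):
    """Return (filename, declared type) for attachment parts whose extension
    is not allowed for the declared Content-Type."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        ctype = part.get_content_type()
        allowed = EXPECTED_EXTENSIONS.get(ctype)
        if allowed is None:
            continue                             # no rule for this type
        ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
        if ext not in allowed:
            findings.append((name, ctype))
    return findings


def defang(part, name):
    """Constructed defang policy: relabel as opaque bytes and rename."""
    part.replace_header("Content-Type", f'application/octet-stream; name="{name}.DEFANGED"')
    if "Content-Disposition" in part:
        part.replace_header("Content-Disposition", f'attachment; filename="{name}.DEFANGED"')


def sanitize(raw):
    """Full pass: repair boundary, parse, find mismatches, defang them."""
    msg = BytesParser(policy=policy.default).parsebytes(fix_missing_boundary(raw))
    findings = find_mismatches(msg)
    flagged = {name for name, _ in findings}
    for part in msg.walk():
        if part.get_filename() in flagged:
            defang(part, part.get_filename())
    return msg, findings


def attachment_labels(msg):
    """(filename, content type) of every named part, for inspection."""
    return [(p.get_filename(), p.get_content_type()) for p in msg.walk() if p.get_filename()]


# Constructed sample: multipart header lacks its boundary, and the second
# part claims to be audio/x-wav while carrying an .exe name.
SAMPLE_RAW = b"""\
From: sender@example.invalid
To: victim@example.invalid
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed

This is a multi-part message in MIME format.
--part_boundary_1
Content-Type: text/plain; charset=us-ascii

Hello.
--part_boundary_1
Content-Type: audio/x-wav; name="setup.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="setup.exe"

QUJDRA==
--part_boundary_1--
"""

# Constructed sample that should pass untouched.
CLEAN_RAW = b"""\
From: alice@example.invalid
To: bob@example.invalid
Subject: ringtone
MIME-Version: 1.0
Content-Type: audio/x-wav; name="ring.wav"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ring.wav"

UklGRg==
"""

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_RAW), ("clean", CLEAN_RAW)):
        msg, findings = sanitize(raw)
        print(label, "mismatches:", findings, "parts:", attachment_labels(msg))
```

The boundary guess deliberately requires two opening markers or an opener plus a closer, so a lone "--something" line in a plain-text body is not mistaken for a boundary; the extension table is a whitelist per declared type, which is the same default-deny posture the announcement adopts for HTML.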


