anomy-list

Re: (Fwd) Outlook will see non-existing attachments

From: Bjarni R. Einarsson (36414@xyz.molar.is)
Date: Thu 14 Feb 2002 - 12:31:56 UTC

  • Next message: Bjarni R. Einarsson: "Announcing sanitizer.pl, revision 1.49"

    There will be code to address this in revision 1.49, to be released
    either today or tomorrow depending on my workload.

    My approach is to simply defang all bare <CR> characters in the message
    header, so Outlook will interpret the header like it should. If anyone
    has a better idea, I'd be happy to hear it.

    On 2002-02-13, 17:18:07 (-0500), Jim Rosenberg wrote:
    > Bjarni, I don't know if you've seen this or not; I'm way behind on
    > all my Internet mailing lists so I'm not sure if this has already
    > come up on Anomy-list (this is a backchannel message.)

    Actually, I subscribe to bugtraq and picked it up there. It hadn't
    been mentioned on this list yet.

    > Since Anomy is in perl I'd be *REALLY* surprised if it isn't
    > vulnerable to these attacks; sounds like this is a way for an .exe to
    > sneak right through anomy -- ouch.

    Has little to do with being written in perl. :-)

    > Take a look -- I haven't tested anything to see if this mechanism can
    > sneak through Anomy -- I may try it from home tonight.
    >
    > -Thanks, Jim
    >
    > ------- Forwarded message follows -------
    [snip]
    >
    > This report is, in slightly modified form, also available on
    > http://www.openoffice.nl/special_interest/outlookbug.html
    >
    [snip]

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     36414@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send plenty of email to: 36539@xyz.molar.is



    hosted by molar.is