anomy-list

• Previous message: Brian Schonecker: "Re: Bypassing SMTP Content Protection with Multi-Part Messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Open the file .../anomy/bin/Anomy/Sanitizer.pm

Search for ...
sub SanitizeHeaders

Add the following lines starting with the + sign (without the + sign)...

    # Copy headers...
    foreach my $key (keys(%{ $part->{"mime"} }))
    {
        $mime->{$key} = $part->{"mime"}->{$key};
    }
+
+ # if you want to switch this on/off
+ # create a config option 'feat_message_partial'
+ # and enable the 'if (...)'
+ #
+ #if ($conf->{"feat_message_partial"})
+ {
+ if ($mime->{"type"} =~ /partial/)
+ {
+ $mime->{"type"} = "text/plain";
+ }
+ }
+

This will change all MIME .../partial to text/plain, and
tis will break message/partial

If you have enabled 'feat_force_name=1' the MIME part will
assigned the default name eg. 'unamed.txt'. This will force
the virus scanner to run if you have enabled this also.

For unknown reason 'feat_force_name' will only work if
'feat_boundaries' is also enabled, so check this too.

I have changed my default name to 'unamed.???' and my
default policy are 'drop', so this MIME content will be
removed.

Wolfgang Käß

attached mail follows:

Open the file .../anomy/bin/Anomy/Sanitizer.pm

Search for ...
sub SanitizeHeaders

Add the following lines starting with the + sign (without the + sign)...

    # Copy headers...
    foreach my $key (keys(%{ $part->{"mime"} }))
    {
        $mime->{$key} = $part->{"mime"}->{$key};
    }
+
+ # if you want to switch this on/off
+ # create a config option 'feat_message_partial'
+ # and enable the 'if (...)'
+ #
+ #if ($conf->{"feat_message_partial"})
+ {
+ if ($mime->{"type"} =~ /partial/)
+ {
+ $mime->{"type"} = "text/plain";
+ }
+ }
+

This will change all MIME .../partial to text/plain, and
tis will break message/partial

If you have enabled 'feat_force_name=1' the MIME part will
assigned the default name eg. 'unamed.txt'. This will force
the virus scanner to run if you have enabled this also.

For unknown reason 'feat_force_name' will only work if
'feat_boundaries' is also enabled, so check this too.

I have changed my default name to 'unamed.???' and my
default policy are 'drop', so this MIME content will be
removed.

Wolfgang Käß

• Next message: Jim Rosenberg: "Re: Bypassing SMTP Content Protection with Multi-Part Messages"
• Previous message: Brian Schonecker: "Re: Bypassing SMTP Content Protection with Multi-Part Messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]