anomy-list

Announcing sanitizer.pl, revision 1.53

From: Bjarni R. Einarsson (52603@xyz.molar.is)
Date: Tue 17 Sep 2002 - 18:47:42 GMT

  • Next message: Jon Gabrielson: "open source antivirus programs."

    Hi!

    As promised, I've released a new revision of the Sanitizer. It's
    on the web site as usual: http://mailtools.anomy.net/dist/

    I recommend that anyone using a previous release of the Sanitizer
    upgrade as soon as possible, as this release contains a rather large
    number of improvements and bugfixes.

    Highlights:

     - Added built-in support for F-Prot Antivirus for Linux, both the
       small-business and enterprise versions. The default Sanitizer
       configuration will now virus-scan all attachments using the
       command-line version of F-Prot, if it's available (if
       /usr/local/bin/f-prot exists). See the Changelog for more
       details.

     - The message/partial MIME-type is defanged by default, to protect
       against the fragmented-message attacks being discussed lately. This
       can be disabled by setting "feat_no_partial = 0".
       
     - For those who which to let message/partial messages through, there
       is now support for scannig the first part as if it were a
       message/rfc822 message. This means any security risks present in
       the *first part* will be defanged, but security problems in
       subsequent parts will probably still slip through.

     - Added protection against MIME recursion DoS attacks - the previous
       versions of the Sanitizer could be made to consume horrid amounts
       of memory if when sent heavily nested MIME messages. This could
       happen accidentally when mailer-daemons got stuck in endless loops.

    The HTML cleaner module has been updated as well, to revision 1.16.

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     52603@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send plenty of email to: 52686@xyz.molar.is



    hosted by molar.is