Announcing, revision 1.53

From: Bjarni R. Einarsson
Date: Tue 17 Sep 2002 - 18:47:42 GMT


    As promised, I've released a new revision of the Sanitizer. It's
    on the web site as usual:

    I recommend that anyone using a previous release of the Sanitizer
    upgrade as soon as possible, as this release contains a rather large
    number of improvements and bugfixes.


     - Added built-in support for F-Prot Antivirus for Linux, both the
       small-business and enterprise versions. The default Sanitizer
       configuration will now virus-scan all attachments using the
       command-line version of F-Prot, if it's available (if
       /usr/local/bin/f-prot exists). See the Changelog for more

     - The message/partial MIME-type is defanged by default, to protect
       against the fragmented-message attacks being discussed lately. This
       can be disabled by setting "feat_no_partial = 0".
     - For those who wish to let message/partial messages through, there
       is now support for scanning the first part as if it were a
       message/rfc822 message. This means any security risks present in
       the *first part* will be defanged, but security problems in
       subsequent parts will probably still slip through.

     - Added protection against MIME recursion DoS attacks - the previous
       versions of the Sanitizer could be made to consume horrid amounts
       of memory when sent heavily nested MIME messages. This could
       happen accidentally when mailer-daemons got stuck in endless loops.

    The HTML cleaner module has been updated as well, to revision 1.16.

    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89                -><-    

    Check out my open-source email sanitizer: Spammers, please send plenty of email to:
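
An added illustration of the two protections announced above (a nesting limit against MIME recursion and the handling of message/partial); it is not code from the Sanitizer, and it uses Python's standard `email` package. `MAX_DEPTH`, `defang_partial` and both sample messages are assumptions made for this example. The standard-library parser builds the whole tree before the walk starts, so this shows the filtering policy rather than a parse-time memory bound.

```python
import email

MAX_DEPTH = 8  # assumed limit for this example, not the Sanitizer's own value

def build_nested(depth):
    """Constructed sample: a text part wrapped in `depth` multipart layers."""
    raw = "Content-Type: text/plain\n\nhello\n"
    for i in range(depth):
        b = f"layer{i:02d}"
        raw = (f'Content-Type: multipart/mixed; boundary="{b}"\n\n'
               f"--{b}\n{raw}\n--{b}--\n")
    return raw

# Constructed sample: first fragment of a message split with message/partial.
PARTIAL = (
    'Content-Type: message/partial; id="frag@example.invalid"; number=1; total=2\n'
    "\n"
    "Subject: inner message\n"
    'Content-Type: application/octet-stream; name="report.exe"\n'
    "\n"
    "...\n"
)

def scan(raw, max_depth=MAX_DEPTH, defang_partial=True):
    """Return (verdict, notes); verdict is 'pass', 'defang' or 'reject'."""
    root = email.message_from_string(raw)
    notes, verdict = [], "pass"
    stack = [(root, 0)]          # explicit stack: no recursion in the scanner
    while stack:
        part, depth = stack.pop()
        if depth > max_depth:    # stop instead of following the nesting down
            return "reject", [f"MIME nesting exceeds {max_depth} levels"]
        if part.get_content_type() == "message/partial":
            if defang_partial:
                verdict = "defang"
                notes.append(f"message/partial at depth {depth} defanged")
                continue
            # Fragments let through: the first one is still walked below,
            # like message/rfc822; later fragments are never seen here.
            notes.append(f"message/partial at depth {depth}: first part scanned")
        if part.get_filename():
            notes.append(f"attachment {part.get_filename()} at depth {depth}")
        if part.is_multipart():
            stack.extend((child, depth + 1) for child in part.get_payload())
    return verdict, notes
```
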