anomy-list

Announcing sanitizer.pl, revision 1.56

From: Bjarni R. Einarsson (58909@xyz.molar.is)
Date: Tue 22 Oct 2002 - 16:51:38 GMT

  • Next message: Robin Whittle: "Re: Postfix-SA-Anomy-Maildrop doc suggestions."

    Hi!

    I've updated the sanitizer to revision 1.56.
    Get it from the usual place:

      http://mailtools.anomy.net/
      
    Security related changes:

     - Modified the MIME attribute parser, to catch Bugbear's broken
       file names (the unquoted ones with spaces in them).
     
     - Added protection against a theoretical attack based on comments
       within RFC822 headers names.

    Also, I added an expiramental "Scanner API" I'd like people to test
    and provide feedback on.

    The API allows external scanner processes to tell the Sanitizer to
    include a different file instead of the original, change the file
    name, mime type and/or encoding strategy of the scanned data.

    This isn't terribly useful for normal virus scanners, but it opens
    up all sorts of other possibilities instead. As a proof of
    concept, I included sample script which encapsulates all "scanned"
    files within a ZIP archive (contrib/zip_script).

    Read the comments at the top of zip_script for installation
    instructions, and the CHANGELOG for details on the API itself.

    Note that this feature has hardly been tested and may cause
    unexpected problems. So please test it carefully and let me know
    if it breaks on your system. :-)

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     58909@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send plenty of email to: 58992@xyz.molar.is



    hosted by molar.is