I've updated the sanitizer to revision 1.56.
Get it from the usual place:
Security related changes:
- Modified the MIME attribute parser, to catch Bugbear's broken
file names (the unquoted ones with spaces in them).
- Added protection against a theoretical attack based on comments
within RFC822 headers names.
Also, I added an expiramental "Scanner API" I'd like people to test
and provide feedback on.
The API allows external scanner processes to tell the Sanitizer to
include a different file instead of the original, change the file
name, mime type and/or encoding strategy of the scanned data.
This isn't terribly useful for normal virus scanners, but it opens
up all sorts of other possibilities instead. As a proof of
concept, I included sample script which encapsulates all "scanned"
files within a ZIP archive (contrib/zip_script).
Read the comments at the top of zip_script for installation
instructions, and the CHANGELOG for details on the API itself.
Note that this feature has hardly been tested and may cause
unexpected problems. So please test it carefully and let me know
if it breaks on your system. :-)
-- Bjarni R. Einarsson PGP: 02764305, B7A3AB89 firstname.lastname@example.org -><- http://bre.klaki.net/
Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send plenty of email to: email@example.com