anomy-list

Version 1.58 breaks inline PGP

From: Rick Johnson (77035@xyz.molar.is)
Date: Fri 09 May 2003 - 03:23:43 GMT


    On 5/8/2003 9:56 AM, Bjarni R. Einarsson wrote:
    > Hi!
    >
    > I just packaged and uploaded revision 1.58 of the Anomy Sanitizer to
    > http://mailtools.anomy.net/dist/.

    Thanks! I downloaded and installed today. As always, we appreciate your
    hard work!

    [...]

    > Some of the MIME changes were pretty exciting, so please keep your
    > eyes open and let me know if I broke something.

    You broke something :-)

    What, you ask? Inline PGP appears to have been broken.

    When a PGP encrypted message is sent through, Sanitizer 1.58 does two
    things:

    1. It shortens the first PGP header from:

    -----BEGIN PGP MESSAGE-----

    to

    -----BEGIN PGP MESSAGE---

    2. Then, after the PGP block (end pgp message is placed correctly), it
    places a second "-----BEGIN PGP MESSAGE-----" at the end, and includes
    the correct amount of dashes.

    Any idea what could be causing this?

    Attached is my sanitizer config, as well as the source and destination
    encrypted messages (pre and post parsing).

    For now, I've reverted back to 1.57 until this can be fixed (either via
    config, or a source fix)

    Thanks!
    -Rick

    -- 
    Rick Johnson, RHCE #807302311706007 - 77035@xyz.molar.is
    Linux/Network Administrator - Medata, Inc. (from home)
    PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
    

    Return-Path: <77035@xyz.molar.is>
    Received: from medata.com (ip68-96-75-154.oc.oc.cox.net [68.96.75.154])
        (authenticated bits=0)
        by mail.medata.com (8.12.8/8.12.8) with ESMTP id h492uTqx012878
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
        for <77035@xyz.molar.is>; Thu, 8 May 2003 19:56:30 -0700
    Message-ID: <77107@xyz.molar.is>
    Date: Thu, 08 May 2003 19:56:57 -0700
    From: Rick Johnson <77035@xyz.molar.is>
    Organization: Medata, Inc.
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030507
    X-Accept-Language: en-us, en
    MIME-Version: 1.0
    To: Rick Johnson <77035@xyz.molar.is>
    Subject: test
    X-Enigmail-Version: 0.75.0.0
    X-Enigmail-Supports: pgp-inline, pgp-mime
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    X-Spam-Status: No, hits=-121.7 required=5.0
        tests=AWL,BAYES_01,USER_AGENT_MOZILLA_UA,USER_IN_WHITELIST
        autolearn=ham version=2.53
    X-Spam-Level:
    X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
    X-Sanitizer: This message has been sanitized!
    X-Sanitizer-URL: http://mailtools.anomy.net/
    X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.67 2003/05/08 16:37:36 bre Exp $

    -----BEGIN PGP MESSAGE---
    Charset: ISO-8859-1
    Version: GnuPG v1.2.2 (MingW32)
    Comment: Signed/Encrpyted for your protection

    -----END PGP MESSAGE-----

    -----BEGIN PGP MESSAGE-----

    Message-ID: <77107@xyz.molar.is>
    Date: Thu, 08 May 2003 19:56:57 -0700
    From: Rick Johnson <77035@xyz.molar.is>
    Organization: Medata, Inc.
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030507
    X-Accept-Language: en-us, en
    MIME-Version: 1.0
    To: Rick Johnson <77035@xyz.molar.is>
    Subject: test
    X-Enigmail-Version: 0.75.0.0
    X-Enigmail-Supports: pgp-inline, pgp-mime
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    -----BEGIN PGP MESSAGE-----
    Charset: ISO-8859-1
    Version: GnuPG v1.2.2 (MingW32)
    Comment: Signed/Encrpyted for your protection

    -----END PGP MESSAGE-----

    #sanitizer script taken from mailtools.anomy.net/sanitizer.html

    # Active features.
    #

    feat_verbose    = 0   # Warn user about unscanned parts, etc.
    feat_log_inline = 0   # Inline logs: 0 = Off, 1 = Maybe, 2 = Force
    feat_log_stderr = 1   # Print log to standard error
    feat_log_xml    = 0   # Don't use XML format for logs.
    feat_log_trace  = 0   # Omit trace info from logs.
    feat_log_after  = 0   # Don't add any scratch space to part headers.
    feat_files      = 1   # Enable filename-based policy decisions.
    feat_force_name = 0   # Force all parts (except text/html parts) to
                          # have file names.
    feat_boundaries = 0   # Replace all boundary strings with our own
                          # NOTE: Always breaks PGP/MIME messages!
    feat_lengths    = 1   # Protect against buffer overflows and null
                          # values.
    feat_scripts    = 1   # Defang incoming shell scripts.
    feat_html       = 1   # Defang active HTML content.
    feat_webbugs    = 1   # Web-bugs are allowed.
    feat_trust_pgp  = 1   # Don't scan PGP signed message parts.
    feat_uuencoded  = 1   # Sanitize inline uuencoded files.
    feat_forwards   = 1   # Sanitize forwarded messages
    feat_testing    = 0   # This isn't a test-case configuration.
    feat_fixmime    = 1   # Fix invalid MIME, if possible.
    feat_paranoid   = 0   # Don't be excessively paranoid about MIME headers etc.
    feat_newlines   = 0   # 0=Auto, 1=lf (Unix), 2=crlf (Win), 3=cr (Mac)
                          # ... 4=no newline mods
    feat_no_partial = 1   # Defang partial MIME attachments (split files between mult. e-mail)

    #now modify some messages
    msg_defanged = RENAME_FILE_TO_USE

    msg_file_drop = ****\nNOTE: An attachment was deleted from this part of the message
    msg_file_drop += \nbecause it was either an unauthorized file type or contained\n
    msg_file_drop += a virus which could not be removed. Please see the attached log\n
    msg_file_drop += for more details, or contact \77154@xyz.molar.is.\n\n
    msg_file_drop += The removed attachment's name was \t%FILENAME\n\n

    msg_file_save = ****\nNOTE: An attachment was deleted from this part of the message\n
    msg_file_save += because it was either an unauthorized file type or contained a virus\n
    msg_file_save += which could not be removed. \n
    msg_file_save += The file has been quarantined with the name \t%SAVEDNAME\n\n
    msg_file_save += The original name was : \t%FILENAME\n\n
    msg_file_save += Please contact 77191@xyz.molar.is if you need the file.\n

    msg_log_prefix = This message has been 'sanitized'. If the file was not a known\n
    msg_log_prefix += threat, it has been renamed and sent to you. \n
    msg_log_prefix += If you were expecting this file, you can simply rename it to the proper type\n
    msg_log_prefix += CAUTION: It may still be a dangerous file, please contact 77191@xyz.molar.is\n
    msg_log_prefix += if you are not 100% sure that it is safe!

    #
    # Note: This directory must exist and be writable by
    # the user running the sanitizer.
    #
    file_name_tpl = /var/quarantine/att-$F-$T.$$

    # We have five policies, in addition to the default which is
    # to defang file names.
    #
    file_default_policy = defang
    file_list_rules = 5
    file_default_filename = unnamed.file.txt

    # Let's decode TNEF files first before processing - help get rid of those winmail.dat files
    # The "decoder" runs another sanitizer run on the decoded attachments to ensure cleanliness.
    # Running first to catch other attachments inside.

    file_list_1_scanner = 0:::/usr/local/anomy/contrib/tnef2multipart.pl %FILENAME
    file_list_1_policy = accept:drop:drop:drop
    file_list_1 = (?i)(winmail.dat)

    # Files we absolutely don't want (mostly executables).
    # Let's save Executables only if they're clean or cleanable, otherwise drop them to the bit bucket

    file_list_2_scanner = 0:19:12,13:/usr/local/bin/uvscan.sh %FILENAME
    file_list_2_policy = save:save:drop:drop
    file_list_2 = (?i)(\.(exe|vb[es]|c(om|hm)|bat|pif|s(ys|cr))
    file_list_2 += (\.g?z|\.bz\d?)*)\.?$

    # Pure data, don't mangle this stuff (much).
    #
    file_list_3_scanner = 0
    file_list_3_policy = accept
    file_list_3 = (?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx)|bmp
    file_list_3 += |mp[32]|wav|au|ram?|htm?l|tif?f|psn?xml?
    file_list_3 += |avi|mov|mpe?g
    file_list_3 += |t(xt|ex)|csv|l(og|yx)|sql|(j)tmpl
    file_list_3 += |[ch](pp|\+\+)?|s|inc|as[cm]|pa(tch|s)|p(gp|7m|hp)|java\d?
    file_list_3 += |[ja]sp
    file_list_3 += |dat|idx|cbl|rtf
    file_list_3 += |abf
    file_list_3 += |can|pos|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*\.?$

    # Accept these only after a virus scan.
    file_list_4_scanner = 0:19:12,13:/usr/local/bin/uvscan.sh %FILENAME
    file_list_4_policy = accept:mangle:save:save
    file_list_4 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?
    file_list_4 += |class|upd|wp\d?|m?db|snp|v(sd|cf)|tmp
    file_list_4 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
    file_list_4 += )(\.g?z|\.bz\d?)*\.?$

    # This is the default policy.
    # The check_for_virus script returns 0 clean, 2 infected, but cleaned, 3 infected and not cleaned
    # uvscan returns 0 clean, 19 infected, but cleaned, 12 or 13 for infected
    file_list_5_scanner = 0:19:12,13:/usr/local/bin/uvscan.sh %FILENAME
    file_list_5_policy = accept:mangle:save:save
    file_list_5 = ^[^\.]+$
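
A regression check for the breakage described in this report, as an added example that is not part of the original post or of Anomy Sanitizer: it scans a message body for ASCII-armor boundary lines and reports malformed or unbalanced ones, so a filter's output can be compared with its input. The name `check_armor` and both sample messages are constructed for illustration.

```python
import re

# RFC 4880 6.2: an armor boundary is five dashes, "BEGIN PGP <type>" or
# "END PGP <type>", then five dashes, alone on its line.
STRICT = re.compile(r"^-{5}(BEGIN|END) PGP ([A-Z0-9 ,/]+?)-{5}$")
# Any line that looks like an attempt at a boundary, well formed or not.
LOOSE = re.compile(r"^-+\s*(BEGIN|END) PGP\b")

def check_armor(body):
    """Return [(line_number, problem)] for damaged inline-PGP armor."""
    problems, open_block = [], None   # open_block: (line, type) awaiting END
    for number, raw in enumerate(body.splitlines(), 1):
        line = raw.rstrip()
        if not LOOSE.match(line):
            continue
        strict = STRICT.match(line)
        if strict is None:
            problems.append((number, "malformed boundary %r" % line))
            continue
        kind, label = strict.groups()
        if kind == "BEGIN":
            # A cleartext-signed block is closed by its SIGNATURE block.
            nested_ok = (open_block is not None and
                         (open_block[1], label) == ("SIGNED MESSAGE", "SIGNATURE"))
            if open_block is not None and not nested_ok:
                problems.append((open_block[0], "BEGIN without matching END"))
            open_block = (number, label)
        elif open_block is None or open_block[1] != label:
            problems.append((number, "END without matching BEGIN"))
        else:
            open_block = None
    if open_block is not None:
        problems.append((open_block[0], "BEGIN without matching END"))
    return problems

# Constructed samples; the body is a placeholder, not real ciphertext.
BODY = "Version: GnuPG v1.2.2 (MingW32)\n\nY29uc3RydWN0ZWQ=\n=AAAA\n"
BEFORE = "-----BEGIN PGP MESSAGE-----\n" + BODY + "-----END PGP MESSAGE-----\n"
# Shape reported for 1.58: shortened first BEGIN, stray BEGIN after END.
AFTER = ("-----BEGIN PGP MESSAGE---\n" + BODY +
         "-----END PGP MESSAGE-----\n\n-----BEGIN PGP MESSAGE-----\n")

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, check_armor(text))
```

Running the same check on a message before and after it passes through a mail filter shows whether the filter altered the armor, without needing the recipient's key.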


