Hi all, and Happy New Year!
There is a new Sanitizer at the usual place:
This release is mainly focused on dealing with the WMF threat,
which you can read about here:
http://isc.sans.org/diary.php?storyid=994
This vulnerability sounds like it's a big deal; if you're
running Windows workstations you may want to consider
installing the unofficial patch mentioned on isc.sans.org.
E-mail is only one of many attack vectors for this problem,
and not really the one most likely to cause trouble.
I recommend updating your installations and adding WMF to the
list of filetypes you defang or drop.
The relevant Changelog entry follows:

Added code to recognize the most common/important file
formats based on actual file contents, not just file name
and MIME-type. Added magic to detect WMF files, to allow
reliable blacklisting of said files, see
http://isc.sans.org/diary.php?storyid=994 for info.

Added generic code to detect when people try to disguise
non-JPEG/GIF/PNG as such files and defang such attachments.

Removed the references from the HTML Cleaner's output, the
owners of the linked web sites were unhappy because their
URLs were being associated with spam as a result of being in
Anomy's verbose logs.
-- Bjarni Rúnar Einarsson 143918@xyz.molar.is http://bre.klaki.net/ PGP: 02764305, B7A3AB89
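
The content-based checks described in the Changelog entry, sketched as an added example in Python (not part of the original message and not Anomy Sanitizer's own code). The function names, the 'pass'/'defang' policy strings and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Extensions and MIME types that claim "this is a JPEG/GIF/PNG".
IMAGE_CLAIMS = {
    "jpeg": ((".jpg", ".jpeg", ".jpe"), ("image/jpeg", "image/pjpeg")),
    "gif": ((".gif",), ("image/gif",)),
    "png": ((".png",), ("image/png",)),
}

def sniff(data):
    """Identify a format from its leading bytes; 'unknown' if none match."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"\xd7\xcd\xc6\x9a"):   # placeable-WMF key 0x9AC6CDD7
        return "wmf"
    if len(data) >= 6:
        # Standard WMF header: type 1|2, header size 9 words, version 1.0/3.0
        ftype, hdr_words, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300):
            return "wmf"
    return "unknown"

def claimed_image(filename, mime_type):
    """Return the image format the name or MIME type claims, else None."""
    name = filename.lower()
    mime = mime_type.split(";")[0].strip().lower()
    for fmt, (exts, mimes) in IMAGE_CLAIMS.items():
        if name.endswith(exts) or mime in mimes:
            return fmt
    return None

def verdict(filename, mime_type, data, blacklist=("wmf",)):
    """Return (action, detected_format); action is 'pass' or 'defang'."""
    actual = sniff(data)
    if actual in blacklist:
        return ("defang", actual)   # blacklisted whatever it is named
    if claimed_image(filename, mime_type) and actual not in IMAGE_CLAIMS:
        return ("defang", actual)   # claims JPEG/GIF/PNG, content is not
    return ("pass", actual)

# Constructed sample: placeable-WMF key bytes under a .jpg name.
SAMPLE = ("card.jpg", "image/jpeg", b"\xd7\xcd\xc6\x9a" + b"\x00" * 18)
if __name__ == "__main__":
    print(verdict(*SAMPLE))
```

The blacklist check runs before the name/MIME comparison, so a WMF is caught by its contents even when both the extension and the declared type say it is something else.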