anomy-list

Announcing sanitizer.pl, revision 1.75

From: Bjarni R. Einarsson (143918@xyz.molar.is)
Date: Mon 02 Jan 2006 - 05:04:59 GMT


    Hi all, and Happy New Year!

    There is a new Sanitizer at the usual place:

       http://mailtools.anomy.net/

    This release is mainly focused on dealing with the WMF threat,
    which you can read about here:

       http://isc.sans.org/diary.php?storyid=994

    This vulnerability sounds like it's a big deal; if you're
    running Windows workstations you may want to consider
    installing the unofficial patch mentioned on isc.sans.org.
    E-mail is only one of many attack vectors for this problem,
    and not really the one most likely to cause trouble.

    I recommend updating your installations and adding WMF to the
    list of filetypes you defang or drop.

    The relevant Changelog entry follows:

      Added code to recognize the most common/important file
      formats based on actual file contents, not just file name
      and MIME-type. Added magic to detect WMF files, to allow
      reliable blacklisting of said files, see
      http://isc.sans.org/diary.php?storyid=994 for info.

      Added generic code to detect when people try to disguise
      non-JPEG/GIF/PNG as such files and defang such attachments.

      Removed the references from the HTML Cleaner's output, the
      owners of the linked web sites were unhappy because their
      URLs were being associated with spam as a result of being in
      Anomy's verbose logs.

    -- 
    Bjarni Rúnar Einarsson
     143918@xyz.molar.is
     http://bre.klaki.net/
    

    PGP: 02764305, B7A3AB89
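
The content-based detection described in the changelog above, sketched as an added example; it is not part of the original message and is not the Sanitizer's own code (which is Perl). The function names and the drop/defang/pass policy are assumptions made for illustration, and the sample attachments are constructed headers.

```python
import struct

# Leading-byte signatures for the image types the changelog names.
IMAGE_MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
IMAGE_EXTS = {"jpg", "jpeg", "jpe", "gif", "png"}
IMAGE_MIMES = {"image/jpeg", "image/pjpeg", "image/gif", "image/png"}


def sniff(data: bytes) -> str:
    """Classify by content only: 'wmf', 'jpeg', 'gif', 'png' or 'unknown'."""
    if data[:4] == b"\xd7\xcd\xc6\x9a":  # placeable WMF key 0x9AC6CDD7
        return "wmf"
    if len(data) >= 6:
        # Standard WMF header: type 1/2, header size 9 words, version 1.0/3.0
        ftype, hdr_words, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300):
            return "wmf"
    for kind, magics in IMAGE_MAGIC.items():
        if data.startswith(magics):
            return kind
    return "unknown"


def verdict(filename: str, mime_type: str, data: bytes) -> str:
    """Assumed policy: drop WMF, defang fake JPEG/GIF/PNG, pass the rest."""
    actual = sniff(data)
    if actual == "wmf":  # blacklisted whatever the name or MIME type says
        return "drop"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claims_image = ext in IMAGE_EXTS or mime_type.strip().lower() in IMAGE_MIMES
    if claims_image and actual not in IMAGE_MAGIC:
        return "defang"  # labelled as an image but the bytes are not one
    return "pass"


# Constructed sample attachments (headers only, not real files).
SAMPLES = [
    ("card.jpg", "image/jpeg", b"\x01\x00\x09\x00\x00\x03" + b"\x00" * 12),
    ("photo.png", "image/png", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("logo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
]

if __name__ == "__main__":
    for name, mime, body in SAMPLES:
        print(name, mime, "->", verdict(name, mime, body))
```

The first sample is the case that name-based blacklists miss: a standard WMF header behind a `.jpg` name and an `image/jpeg` type is still classified as WMF and dropped.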


