anomy-list

Re: Unexpected defanging of jpg images.

From: Jeremy A (146787@xyz.molar.is)
Date: Wed 25 Apr 2007 - 02:17:31 GMT

    Jeremy A wrote:
    >
    > OK I got a clean original copy of the email (not through anomy) and
    > plugged it into the above.
    >

    To add further. I have now processed the Thunderbird version using the
    same process. So same content, different mailer.

    ========================= start trace

    [root@mail bin]# perl sanitizer.pl anomytest.conf < thunderbird.eml 2>&1
    > dirtythun.eml
    Sanitizer (start="1177467058"):
      ParseHeader ():
        Using Jeremy A <146881@xyz.molar.is> as reply-to address.
        Using Jeremy A <146881@xyz.molar.is> as errors address.
        Got MIME info: _boundpre="--", _disposition="inline",
    _encoding="8bit", _type="multipart/mixed",
    boundary="------------070508090603090004090502", charset="iso-8859-1",
    undecoded-boundary="------------070508090603090004090502"

      Finished parsing message header.
      Parsing body as multipart/*
      CleanMultipart
      Replaced MIME boundary: >>------------070508090603090004090502<<
                        with: >>MIMEStream=_0+18981_058221453211319_6579156515<<
      Writer (pos="363"):
        Set MIME info to: _boundpre="--", _disposition="inline",
    _encoding="8bit", _type="multipart/mixed",
    boundary="MIMEStream=_0+18981_058221453211319_6579156515",
    charset="iso-8859-1",
    undecoded-boundary="------------070508090603090004090502"
        Total modifications so far: 1

      ParserUnclosedMultipart
      Part (pos="447"):
        ParseHeader ():
          Got MIME info: _boundpre="--", _disposition="inline",
    _encoding="7bit", _type="text/plain", boundary="", charset="ISO-8859-1"

        Parsing body as text/*
        CleanUnknown
        CleanText
        SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
          Rule 1:
    (?i)(winmail\.dat|\.([23]86|vb[se]|jse|cpl|crt|chm|cpl|in[fsi]|isp|dll|drv|cmd|sc[rt]|sys|bat|pif|lnk|hlp|ms[cip]|reg|asd|sh[bs]|app|ocx|ht[ta]|mht|url|exe|ws[cfh]|ops|com|prx|mim|uue|uu|b64|bhx|hqx|xxe))
    *
          Rule 2:
    (?i)\.(doc|dot|txt|rtf|pdf|sxw|e?ps|htm|[sp]?html?|xls|xlw|xlt|csv|sxc|wk[1-4]|ppt|pps|pot|sxi|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|ai|mp3|avi|mpe?g|mov|qtw|ram?|ogg|vcf|zip|g?z|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
          Match (names="unnamed.txt", rule="2"):
            Enforced policy: accept

        Writer (pos="78"):
          Set MIME info to: _boundpre="--", _disposition="inline",
    _encoding="7bit", _type="text/plain", boundary="", charset="ISO-8859-1"

      Part (pos="574"):
        ParseHeader ():
          Got MIME info: _boundpre="--", _disposition="inline",
    _encoding="base64", _type="image/jpeg", boundary="",
    charset="iso-8859-1", filename="ODYSSEYADD_Travis.jpg",
    name="ODYSSEYADD_Travis.jpg"

        Parsing body as DEFAULT.
        CleanUnknown
        SanitizeFile (filename="ODYSSEYADD_Travis.jpg, filetype.jpeg",
    mimetype="image/jpeg"):
          Rule 1:
    (?i)(winmail\.dat|\.([23]86|vb[se]|jse|cpl|crt|chm|cpl|in[fsi]|isp|dll|drv|cmd|sc[rt]|sys|bat|pif|lnk|hlp|ms[cip]|reg|asd|sh[bs]|app|ocx|ht[ta]|mht|url|exe|ws[cfh]|ops|com|prx|mim|uue|uu|b64|bhx|hqx|xxe))
    *
          Rule 2:
    (?i)\.(doc|dot|txt|rtf|pdf|sxw|e?ps|htm|[sp]?html?|xls|xlw|xlt|csv|sxc|wk[1-4]|ppt|pps|pot|sxi|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|ai|mp3|avi|mpe?g|mov|qtw|ram?|ogg|vcf|zip|g?z|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
          Match (names="ODYSSEYADD_Travis.jpg, filetype.jpeg", rule="2"):
            Enforced policy: accept

        Writer (pos="154"):
          Set MIME info to: _boundpre="--", _disposition="inline",
    _encoding="base64", _type="image/jpeg", boundary="",
    charset="iso-8859-1", filename="ODYSSEYADD_Travis.jpg",
    name="ODYSSEYADD_Travis.jpg"

        ParserCat

      Part (pos="174792"):
        ParseHeader ():
          Got MIME info: _boundpre="--", _disposition="inline",
    _encoding="base64", _type="image/jpeg", boundary="",
    charset="iso-8859-1", filename="Odyssey_OurPeopleAdd.jpg",
    name="Odyssey_OurPeopleAdd.jpg"

        Parsing body as DEFAULT.
        CleanUnknown
        SanitizeFile (filename="Odyssey_OurPeopleAdd.jpg, filetype.jpeg",
    mimetype="image/jpeg"):
          Rule 1:
    (?i)(winmail\.dat|\.([23]86|vb[se]|jse|cpl|crt|chm|cpl|in[fsi]|isp|dll|drv|cmd|sc[rt]|sys|bat|pif|lnk|hlp|ms[cip]|reg|asd|sh[bs]|app|ocx|ht[ta]|mht|url|exe|ws[cfh]|ops|com|prx|mim|uue|uu|b64|bhx|hqx|xxe))
    *
          Rule 2:
    (?i)\.(doc|dot|txt|rtf|pdf|sxw|e?ps|htm|[sp]?html?|xls|xlw|xlt|csv|sxc|wk[1-4]|ppt|pps|pot|sxi|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|ai|mp3|avi|mpe?g|mov|qtw|ram?|ogg|vcf|zip|g?z|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
          Match (names="Odyssey_OurPeopleAdd.jpg, filetype.jpeg", rule="2"):
            Enforced policy: accept

        Writer (pos="160"):
          Set MIME info to: _boundpre="--", _disposition="inline",
    _encoding="base64", _type="image/jpeg", boundary="",
    charset="iso-8859-1", filename="Odyssey_OurPeopleAdd.jpg",
    name="Odyssey_OurPeopleAdd.jpg"

        ParserCat

      Part (pos="292437"):
        ParseHeader ():
          Got MIME info: _boundpre="--", _disposition="attachment",
    _encoding="7bit", _type="text/x-vcard", boundary="", charset="utf-8",
    filename="jeremy.vcf", name="jeremy.vcf"

        Parsing body as text/*
        CleanUnknown
        CleanText
        SanitizeFile (filename="jeremy.vcf", mimetype="text/x-vcard"):
          Rule 1:
    (?i)(winmail\.dat|\.([23]86|vb[se]|jse|cpl|crt|chm|cpl|in[fsi]|isp|dll|drv|cmd|sc[rt]|sys|bat|pif|lnk|hlp|ms[cip]|reg|asd|sh[bs]|app|ocx|ht[ta]|mht|url|exe|ws[cfh]|ops|com|prx|mim|uue|uu|b64|bhx|hqx|xxe))
    *
          Rule 2:
    (?i)\.(doc|dot|txt|rtf|pdf|sxw|e?ps|htm|[sp]?html?|xls|xlw|xlt|csv|sxc|wk[1-4]|ppt|pps|pot|sxi|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|ai|mp3|avi|mpe?g|mov|qtw|ram?|ogg|vcf|zip|g?z|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
          Match (names="jeremy.vcf", rule="2"):
            Enforced policy: accept

        Writer (pos="151"):
          Set MIME info to: _boundpre="--", _disposition="attachment",
    _encoding="7bit", _type="text/x-vcard", boundary="", charset="utf-8",
    filename="jeremy.vcf", name="jeremy.vcf"


