Jeremy A wrote:
>
> OK I got a clean original copy of the email (not through anomy) and
> plugged it into the above.
>
To add further. I have now processed the thunderbird version using the
same process. So same content, different mailer.
========================= start trace
[root@mail bin]# perl sanitizer.pl anomytest.conf < thunderbird.eml 2>&1
> dirtythun.eml
Sanitizer (start="1177467058"):
ParseHeader ():
Using Jeremy A <146881@xyz.molar.is> as reply-to address.
Using Jeremy A <146881@xyz.molar.is> as errors address.
Got MIME info: _boundpre="--", _disposition="inline",
_encoding="8bit", _type="multipart/mixed",
boundary="------------070508090603090004090502", charset="iso-8859-1",
undecoded-boundary="------------070508090603090004090502"
Finished parsing message header.
Parsing body as multipart/*
CleanMultipart
Replaced MIME boundary: >>------------070508090603090004090502<<
with: >>MIMEStream=_0+18981_058221453211319_6579156515<<
Writer (pos="363"):
Set MIME info to: _boundpre="--", _disposition="inline",
_encoding="8bit", _type="multipart/mixed",
boundary="MIMEStream=_0+18981_058221453211319_6579156515",
charset="iso-8859-1",
undecoded-boundary="------------070508090603090004090502"
Total modifications so far: 1
ParserUnclosedMultipart
Part (pos="447"):
ParseHeader ():
Got MIME info: _boundpre="--", _disposition="inline",
_encoding="7bit", _type="text/plain", boundary="", charset="ISO-8859-1"
Parsing body as text/*
CleanUnknown
CleanText
SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
Rule 1:
(?i)(winmail\.dat|\.([23]86|vb[se]|jse|cpl|crt|chm|cpl|in[fsi]|isp|dll|drv|cmd|sc[rt]|sys|bat|pif|lnk|hlp|ms[cip]|reg|asd|sh[bs]|app|ocx|ht[ta]|mht|url|exe|ws[cfh]|ops|com|prx|mim|uue|uu|b64|bhx|hqx|xxe))
*
Rule 2:
(?i)\.(doc|dot|txt|rtf|pdf|sxw|e?ps|htm|[sp]?html?|xls|xlw|xlt|csv|sxc|wk[1-4]|ppt|pps|pot|sxi|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|ai|mp3|avi|mpe?g|mov|qtw|ram?|ogg|vcf|zip|g?z|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
Match (names="unnamed.txt", rule="2"):
Enforced policy: accept
Writer (pos="78"):
Set MIME info to: _boundpre="--", _disposition="inline",
_encoding="7bit", _type="text/plain", boundary="", charset="ISO-8859-1"
Part (pos="574"):
ParseHeader ():
Got MIME info: _boundpre="--", _disposition="inline",
_encoding="base64", _type="image/jpeg", boundary="",
charset="iso-8859-1", filename="ODYSSEYADD_Travis.jpg",
name="ODYSSEYADD_Travis.jpg"
Parsing body as DEFAULT.
CleanUnknown
SanitizeFile (filename="ODYSSEYADD_Travis.jpg, filetype.jpeg",
mimetype="image/jpeg"):
Rule 1:
(?i)(winmail\.dat|\.([23]86|vb[se]|jse|cpl|crt|chm|cpl|in[fsi]|isp|dll|drv|cmd|sc[rt]|sys|bat|pif|lnk|hlp|ms[cip]|reg|asd|sh[bs]|app|ocx|ht[ta]|mht|url|exe|ws[cfh]|ops|com|prx|mim|uue|uu|b64|bhx|hqx|xxe))
*
Rule 2:
(?i)\.(doc|dot|txt|rtf|pdf|sxw|e?ps|htm|[sp]?html?|xls|xlw|xlt|csv|sxc|wk[1-4]|ppt|pps|pot|sxi|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|ai|mp3|avi|mpe?g|mov|qtw|ram?|ogg|vcf|zip|g?z|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
Match (names="ODYSSEYADD_Travis.jpg, filetype.jpeg", rule="2"):
Enforced policy: accept
Writer (pos="154"):
Set MIME info to: _boundpre="--", _disposition="inline",
_encoding="base64", _type="image/jpeg", boundary="",
charset="iso-8859-1", filename="ODYSSEYADD_Travis.jpg",
name="ODYSSEYADD_Travis.jpg"
ParserCat
Part (pos="174792"):
ParseHeader ():
Got MIME info: _boundpre="--", _disposition="inline",
_encoding="base64", _type="image/jpeg", boundary="",
charset="iso-8859-1", filename="Odyssey_OurPeopleAdd.jpg",
name="Odyssey_OurPeopleAdd.jpg"
Parsing body as DEFAULT.
CleanUnknown
SanitizeFile (filename="Odyssey_OurPeopleAdd.jpg, filetype.jpeg",
mimetype="image/jpeg"):
Rule 1:
(?i)(winmail\.dat|\.([23]86|vb[se]|jse|cpl|crt|chm|cpl|in[fsi]|isp|dll|drv|cmd|sc[rt]|sys|bat|pif|lnk|hlp|ms[cip]|reg|asd|sh[bs]|app|ocx|ht[ta]|mht|url|exe|ws[cfh]|ops|com|prx|mim|uue|uu|b64|bhx|hqx|xxe))
*
Rule 2:
(?i)\.(doc|dot|txt|rtf|pdf|sxw|e?ps|htm|[sp]?html?|xls|xlw|xlt|csv|sxc|wk[1-4]|ppt|pps|pot|sxi|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|ai|mp3|avi|mpe?g|mov|qtw|ram?|ogg|vcf|zip|g?z|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
Match (names="Odyssey_OurPeopleAdd.jpg, filetype.jpeg", rule="2"):
Enforced policy: accept
Writer (pos="160"):
Set MIME info to: _boundpre="--", _disposition="inline",
_encoding="base64", _type="image/jpeg", boundary="",
charset="iso-8859-1", filename="Odyssey_OurPeopleAdd.jpg",
name="Odyssey_OurPeopleAdd.jpg"
ParserCat
Part (pos="292437"):
ParseHeader ():
Got MIME info: _boundpre="--", _disposition="attachment",
_encoding="7bit", _type="text/x-vcard", boundary="", charset="utf-8",
filename="jeremy.vcf", name="jeremy.vcf"
Parsing body as text/*
CleanUnknown
CleanText
SanitizeFile (filename="jeremy.vcf", mimetype="text/x-vcard"):
Rule 1:
(?i)(winmail\.dat|\.([23]86|vb[se]|jse|cpl|crt|chm|cpl|in[fsi]|isp|dll|drv|cmd|sc[rt]|sys|bat|pif|lnk|hlp|ms[cip]|reg|asd|sh[bs]|app|ocx|ht[ta]|mht|url|exe|ws[cfh]|ops|com|prx|mim|uue|uu|b64|bhx|hqx|xxe))
*
Rule 2:
(?i)\.(doc|dot|txt|rtf|pdf|sxw|e?ps|htm|[sp]?html?|xls|xlw|xlt|csv|sxc|wk[1-4]|ppt|pps|pot|sxi|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|ai|mp3|avi|mpe?g|mov|qtw|ram?|ogg|vcf|zip|g?z|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
Match (names="jeremy.vcf", rule="2"):
Enforced policy: accept
Writer (pos="151"):
Set MIME info to: _boundpre="--", _disposition="attachment",
_encoding="7bit", _type="text/x-vcard", boundary="", charset="utf-8",
filename="jeremy.vcf", name="jeremy.vcf"