
ANN: Procmail Sanitizer 1.139 is released

2003-09-07 18:11:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The procmail sanitizer has been updated. The current version is 1.139.
It is available via:

US/WA:  http://www.impsec.org/email-tools/procmail-security.html
US/WA:  http://eucleides.com/sanitizer/procmail-security.html
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-security.html
#EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-security.html
#AU:     http://grebopple.accessunited.com.au/email-tools/procmail-security.html
#AU:     http://impsec.fuzzitech.net/email-tools/procmail-security.html

Direct links to the current tarball:

US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/WA:  http://eucleides.com/sanitizer/procmail-sanitizer.tar.gz
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
#EU/NO:  http://jhardin.oftedal.no/email-tools/procmail-sanitizer.tar.gz
#AU:     http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
#AU:     http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz

("commented out" mirrors are temporarily out-of-sync or unavailable)


0c636b1daf96bf12ca188059df43e952  html-trap.procmail
d29c4f6acfbdefed509d88f88f4cdbd3  html-trap.procmail.nomacroscan
2de26938631957065bdcfdf442d2f645  procmail-sanitizer.tar.gz


- From the changelog:
09/07/2003 (1.139)
Sanitize bare CR in message headers (Outlook bug).
Sanitize multiple null addresses (sendmail exploit).
Improve the UUE exclusion of the HTML defanger.
Permit spaces after MIME type in MIME headers.
Override csh use, as it is sanitizer-hostile.
Add Microsoft Office Suite VBE buffer overflow attacks to macro scanner.


The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html

The archive of the sanitizer discussion list is at
http://www.spconnect.com/mailman/listinfo/esd-l



-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQA/AwUBP1vCh9gi5ua4cy55EQIbUwCg6papYWIHbuKkS7pPB+o01VSfurYAnRj3
iaYBYzQnH/BA4B8bqAqIETZE
=x0ie
-----END PGP SIGNATURE-----


The Microsoft Office VBE BO attack detection is the primary attraction
of this release.


--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin(_at_)impsec(_dot_)org                        pgpk -a jhardin(_at_)impsec(_dot_)org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
                                  -- John C. Randolph <jcr(_at_)idiom(_dot_)com>
-----------------------------------------------------------------------
   14 days until Galileo is deorbited


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
