procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ANN: Email Sanitizer 1.144 released

2004-07-28 19:33:04
from [John D. Hardin] [Permanent Link] 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The procmail sanitizer has been updated. The current version is 1.144
It is available via:

US/WA:  http://www.impsec.org/email-tools/procmail-security.html
US/WA:  http://eucleides.com/sanitizer/procmail-security.html
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-security.html
#EU/NO:  http://oftedal.no/~jhardin/email-tools/procmail-security.html
AU:     http://grebopple.accessunited.com.au/email-tools/procmail-security.html
AU:     http://impsec.fuzzitech.net/email-tools/procmail-security.html

Direct links to the current tarball:

US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/WA:  http://eucleides.com/sanitizer/procmail-sanitizer.tar.gz
EU/NL:  http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
#EU/NO:  http://oftedal.no/~jhardin/email-tools/procmail-sanitizer.tar.gz
AU:     
http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
AU:     http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz

("commented out" mirrors are temporarily out-of-sync or unavailable)


b27ab0472f9d5f68be5e106d9ff59262  html-trap.procmail
c2d5cb20d173f6f5c15ed6f17a99b767  html-trap.procmail.nomacroscan
e5a09dc262a697e4f27c6a5fb353dfd0  procmail-sanitizer.tar.gz


- From the changelog:
07/28/2004 (1.144)
Fix subject line on recipient notification if message was discarded (Thanks to 
Joe Steele).
Defang webbugs in table elements.
Defang additional HTML tags.
Add $SPOOFED_SENDER handling option for reply control.
Minor bugfix in ZIP file detection and scanning.
Trap poorly-formed BASE64-encoded ZIP attachments (short lines).
Fix bug in BASE64-encoded zipfile decoding.


NOTE: Please either update to this version or apply the
1.139 Smarter-Reply patch from the website. The stock 1.139
sanitizer responds to attack messages with forged sender
addresses. This generates a great deal of useless email
backscatter.


The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html

The archive of the sanitizer discussion list is at
http://www.spconnect.com/mailman/listinfo/esd-l



-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQA/AwUBQQeeGNgi5ua4cy55EQI/qACgkLz3OTTWSZr94WtfBJ06pmp15hYAnRhI
9rl0EIYJQOzJN+Dun9fmEzbv
=fjIS
-----END PGP SIGNATURE-----

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin(_at_)impsec(_dot_)org    FALaholic #11174    pgpk -a 
jhardin(_at_)impsec(_dot_)org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The [assault weapons] ban is the moral equivalent of banning red
  cars because they look too fast.
                                   -- Steve Chapman, Chicago Tribune
-----------------------------------------------------------------------
   47 days until the "Scary-Looking Guns" ban expires


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • ANN: Email Sanitizer 1.144 released, John D. Hardin <=
Previous by Date:  Re: /etc/procmailrc recipe to mark zip attachments, Google Kreme
Next by Date:  Re: This tiny script causes a segmentation fault.., Justin Gombos
Previous by Thread:  What exactly does \< expand to?, Justin Gombos
Next by Thread:  Maildir create, Hans du Plooy
Indexes:  [Date] [Thread] [Top] [All Lists]