[10061] in bugtraq
Procmail scanning for hostile macros in Microsoft document e-mail
daemon@ATHENA.MIT.EDU (John D. Hardin)
Wed Mar 31 14:17:39 1999
Date: Wed, 31 Mar 1999 11:01:37 -0800
Reply-To: "John D. Hardin" <jhardin@wolfenet.com>
From: "John D. Hardin" <jhardin@WOLFENET.COM>
To: BUGTRAQ@NETSPACE.ORG
I have added some rudimentary scanning for possibly hostile macros in
Microsoft Word and Excel attachments to my Procmail-based email
sanitizer. This scanning is for code fragments that do things that
shouldn't be in document macros rather than any particular variant of
an existing virus or worm, so it should be generally effective.
I'd like to have some third-party comment and beta testing before I
release it. Anyone interested should send me some email at
<jhardin@wolfenet.com> and I'll send the html-trap.procmail filter
with the added attachment scanning code.
I hope to publicly release this modification tomorrow or Friday.
For further information on the Procmail e-mail sanitizer, visit
ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
--
John Hardin KA7OHZ jhardin@wolfenet.com
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
In the Lion
the Mighty Lion
the Zebra sleeps tonight...
Dee de-ee-ee-ee-ee de de de we um umma way!
-----------------------------------------------------------------------
48 days until Star Wars episode I
