Re: AMaViS virus scanner for Linux - root exploit

From: Jim Hebert (jhebertat_private)
Date: Mon Jul 19 1999 - 13:22:57 PDT

Next message: Ian Whalley: "Re: AMaViS virus scanner for Linux - root exploit"

Previous message: Ollivier Robert: "Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2"
Maybe in reply to: Chris McDonough: "AMaViS virus scanner for Linux - root exploit"
Next in thread: Ian Whalley: "Re: AMaViS virus scanner for Linux - root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Regarding the patch, I see that it essentially kills whatever "bad"
characters you thought of. I suggest that the 'what is not explicitly
allowed is denied' approach and using eliminating all characters except a
certain list, perhaps an rfc-specified list or sane alteration of it.

jim

On Sun, 18 Jul 1999, Chris McDonough wrote:

> Sorry, the AMaViS diff was messed up in my last message by
> my email program...
>
> please see http://sharon.iqgroup.com/scanmails.patch
>

--
The Microsoft/Mindcraft/ZDNet benchmarks:
     a) prove Linux is faster than you will ever, ever need.
     b) are a fantasy and shouldn't affect your purchase decision.
Read why and decide for yourself at http://cs.alfred.edu/~lansdoct/mstest.html
See http://www.heise.de/ct/english//99/13/186-1/ for more applicable tests.

Next message: Ian Whalley: "Re: AMaViS virus scanner for Linux - root exploit"
Previous message: Ollivier Robert: "Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2"
Maybe in reply to: Chris McDonough: "AMaViS virus scanner for Linux - root exploit"
Next in thread: Ian Whalley: "Re: AMaViS virus scanner for Linux - root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:46 PDT