Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: AMaViS virus scanner for Linux - root exploit
From: jhebert () CHEEK COM (Jim Hebert)
Date: Mon, 19 Jul 1999 16:22:57 -0400


Regarding the patch, I see that it essentially kills whatever "bad"
characters you thought of. I suggest that the 'what is not explicitly
allowed is denied' approach and using eliminating all characters except a
certain list, perhaps an rfc-specified list or sane alteration of it.

jim

On Sun, 18 Jul 1999, Chris McDonough wrote:

Sorry, the AMaViS diff was messed up in my last message by
my email program...

please see http://sharon.iqgroup.com/scanmails.patch


--
The Microsoft/Mindcraft/ZDNet benchmarks:
     a) prove Linux is faster than you will ever, ever need.
     b) are a fantasy and shouldn't affect your purchase decision.
Read why and decide for yourself at http://cs.alfred.edu/~lansdoct/mstest.html
See http://www.heise.de/ct/english//99/13/186-1/ for more applicable tests.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]