On Mon, 16 Jul 2007, Polish wrote:
> Package: amavisd-new
> Version: 1:2.4.2-6.1
> Severity: minor
>
> Banned rule CLSID is enabled by default. Rule matchs mail with spam in
> attachment. Problem is that rule match attachment with name "{Spam?}".
>
> User1 mails to user2. Mail system marks valid mail as spam. User2 resent mail
> in attachment to Administrator, but mail system block mail, bacause
> match CLSID rule.
Would you take just documentation of this issue as a valid fix? I am
severely inclined to prefer blocking a big class of attacks on windows
platforms in amavisd-new over letting email with weird crap as an attachment
name...
I don't know if fixing the regex to require numbers after the '?' would work
well as a fix (we must not make it fail to match any CLSID attacks). Brian?
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
