lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 23 Sep 2003 19:50:56 +0300
From: Alexander Ogol <sanyok_nospam@...physoft.org.ua>
To: bugtraq@...urityfocus.com
Subject: Re: base64


>>>>> "IT" == Ilya Teterin writes:

[kham-kham-kham....argh....]

 IT> How to solve this issue? I believe we should rewrite at least
 IT> filtering systems to block malformed base64-encoded data because we
 IT> don't know is it malicious or not. Otherwise, we can meet new powerful
 IT> e-mail worm.

Rewriting filtering systems for rejecting malformed mail couldn't be good
decision in all situations. Some mailing lists (debian-russian, for example)
add some 7bit information after letter body while re-forwarding, regardless
of was the letter base64/QP encoded or not, resulting of such malformed
mail (and if your mail server recodes all 8bit mail to base64, you have no
way to write to those mail lists without creating malformed mail at
result).
So I think that the right solution (before antivirus software would be
rewritten) is to write filters by yourself - decode base64 as that do
popular mail clients and give them to antivirus.
Of course, it's somehow more hard than just filtering up all those
letters.

-- 
Sincerely yours, Alexander Ogol, happy GNU/Linux user.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ