Bugtraq mailing list archives
Re: AMaViS virus scanner for Linux - root exploit
From: jhebert () CHEEK COM (Jim Hebert)
Date: Mon, 19 Jul 1999 16:22:57 -0400
Regarding the patch, I see that it essentially kills whatever "bad" characters you thought of. I suggest that the 'what is not explicitly allowed is denied' approach and using eliminating all characters except a certain list, perhaps an rfc-specified list or sane alteration of it. jim On Sun, 18 Jul 1999, Chris McDonough wrote:
Sorry, the AMaViS diff was messed up in my last message by my email program... please see http://sharon.iqgroup.com/scanmails.patch
-- The Microsoft/Mindcraft/ZDNet benchmarks: a) prove Linux is faster than you will ever, ever need. b) are a fantasy and shouldn't affect your purchase decision. Read why and decide for yourself at http://cs.alfred.edu/~lansdoct/mstest.html See http://www.heise.de/ct/english//99/13/186-1/ for more applicable tests.
Current thread:
- Re: linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot, (continued)
- Re: linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Marcelo Roccasalva (Jul 21)
- Re: ircd exploit in ircu based code (fwd) Matt Hallacy (Jul 15)
- Re: ircd exploit in ircu based code (fwd) Andrea Cocito (Jul 16)
- Logic Error in Management Edition NetWare install script for Dr. Sololomon's Bayard G. Bell (Jul 16)
- AMaViS virus scanner for Linux - root exploit Chris McDonough (Jul 16)
- CERT Advisory CA-99.08 - cmsd Aleph One (Jul 16)
- Re: AMaViS virus scanner for Linux - root exploit Kurt Seifried (Jul 17)
- Re: AMaViS virus scanner for Linux - root exploit Ian Whalley (Jul 19)
- Swish-e Jean-Georges Estiot (Jul 17)
- Re: AMaViS virus scanner for Linux - root exploit Chris McDonough (Jul 18)
- Re: AMaViS virus scanner for Linux - root exploit Jim Hebert (Jul 19)
- tiger vulnerability Ellen L Mitchell (Jul 20)
- iplogger Ymas problem Salvatore Sanfilippo -antirez- (Jul 18)
- Re: AMaViS virus scanner for Linux - root exploit Christian Bricart (Jul 19)