The Sanitizer's intended audience is administrators of mail systems. It is not generally intended for end users, unless they administer their own mail systems rather then simply telling their mail program to retrieve messages from a mail server administered by someone else.
If you are here because you've gotten a message saying that a piece of mail you sent has been rejected, or because the URL for this website appears in a piece of mail you've received, or because you're wondering why your email attachments are suddenly named DEFANGED, please read this introduction to the Sanitizer - it should answer your questions. Let me know if it doesn't.
Site Index:
This procmail ruleset is specifically designed to "sanitize" your email on the mail server, before your users even attempt to retrieve their messages. It is not intended for end users to install on their Windows desktop systems for personal protection.
|
The
current version of the html-trap.procmail ruleset is:
1.134
It is recommended you update your copy if your version is older, as bugfixes and filtering for newer exploits will have been added. See the history of changes for details. An announce list for email security issues has been set up. It will primarily carry information on new exploits and updates of the sanitizer. To subscribe, send a message with the subject "subscribe" to esa-l-request@spconnect.com. This is a strongly moderated list for announcements only, not general discussion. If you want to join the discussion list, send a message with the subject "subscribe" to esd-l-request@spconnect.com. This is a members-only list; to post to it you must join. There is also an archive of messages available. |
|
The ftp.rubyriver.com mirror is no longer being maintained. I will leave links to it in place until the content becomes too out-of-date. I am trying to regain access.
Development of the 2.0 sanitizer has begun. The planned feature list looks something like this:
I've decided to delay moving over to the Anomy project until after a stable 2.x sanitizer ships, for various reasons including the feeling that there should be alternative solutions available.
I can be contacted at <jhardin@impsec.org> - you could also visit my home page.
Several people have asked me why I don't charge for this
package. I suppose this is primarily due to the fact that I don't
think anybody should be exposed to these attacks simply because they
don't want to or can't afford to buy something to protect themselves,
but it also has to do with the fact that I view this as an interesting
intellectual challenge, a way to gain recognition, and a way to give
back to the community.
However, if you feel like paying for receiving something of
value that has improved your life, then feel free to send me a
donation via PayPal, and lament that nobody's done TequilaPal yet.
Best viewed with
Any Browser
http://www.impsec.org/email-tools/procmail-security.html
