All releases of the Anomy mail sanitizer

  •  21 Jun 2003 05:23
Avatar

    Release Notes: HTMLCleaner was updated to avoid endless loops with Perl 5.00503. Users can now specify certain replacement tags in the configuration file. The testall.sh script now warns users if they attempt to use the Sanitizer in an UTF-8 enabled environment. The test cases were updated for FreeBSD 4.6.2 with Perl 5.00503, and fir Unicode-enabled Red Hat 8 or 9 machines.

    •  18 Sep 2002 12:25
    Avatar

      Release Notes: The only change is within the HTML cleaner, to disable href= and src= attributes using the hcp:// protocol. The HTML cleaner has been updated to revision 1.17.

      •  17 Sep 2002 20:41
      Avatar

        Release Notes: This release has built-in support for F-Prot Antivirus for Linux and protection against "message/partial" fragmented message attacks. Quite a few minor bugs have been fixed.

        •  15 Feb 2002 19:10
        Avatar

          Release Notes: Workarounds for problems regarding how Outlook detects uuencoded attachments, protection against the Outlook "hidden attachment" exploit (caused by carriage returns in message headers), a few other minor bugfixes, and a more powerful attachment policy language. The HTML cleanup module is available as a seperate package for users and developers of other security tools.

          •  07 Jan 2002 13:43
          Avatar

            Release Notes: Compatibility with Windows platforms was improved. The way that STYLE blocks are handled by the HTML cleaner was improved. A few other minor bugs were fixed.

            •  12 Dec 2001 21:08
            Avatar

              Release Notes: This release includes a rewritten HTML sanitizer which enforces default-deny instead of the old default-allow policy, in addition to many other HTML-related improvements. It also adds generic detection of MIME-type/filename mismatches, which protects against bugs like those exploited by BadTrans and Nimda. Handling of invalid MIME was improved, the default configuration is more secure than before, a few bugs have been fixed, and rudimentary support for RFC2231 MIME-parameter encoding has been added.

              •  11 Oct 2001 20:11
              Avatar

                Release Notes: Many important bugs have been fixed, including a bug which could cause corruption of Base64-encoded attachments under certain circumstances.

                •  04 Sep 2001 20:32
                Avatar

                  Release Notes: Adding LINK and FRAMESET tags to list of defanged HTML tags, and fixes for logging bugs and charset and character mangling related issues. This release completes the refactoring of the Sanitizer from a monolithic script to a more OO design.

                  •  21 Aug 2001 18:18
                  Avatar

                    Release Notes: The FORM tag has been added to the HTML defanger, due to related vulnerabilities discussed on BUGTRAQ. The logging system has been rewritten, and other minor bugfixes and improvements have been made. Pleae note that scoring is disabled in this release, so if you are using it wait for 1.43 before upgrading.

                    •  07 Aug 2001 18:28
                    Avatar

                      Release Notes: This release contains multiple bugfixes to the MIME parser and filename policy code. Documentation on sendmail m4 configuration and sanitizing with Postfix has been added. The code has been reorganized a bit. A MIME simplifier has been added for people who want to strip attachments from messages destined for mailing lists.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.