blocking %00 / %01 exploits with mailscanner?

Dan Hollis spamtrap71892316634 at ANIME.NET
Mon Jan 19 22:37:46 GMT 2004


On Mon, 19 Jan 2004, Chris Yuzik wrote:
> At 21:23 19/01/2004, you wrote:
> >> So basically, "no, mailscanner can't do that"? It can block iframe
> >> exploits but not URI exploits?
> I'm with Julian on this one. All that matters is that you block these
> extremely dangerous emails from your users. If Spamassassin can do it,
> then why "reinvent the wheel" by making MailScanner do it also?
> I have MailScanner set to delete (and quarantine) high scoring spam,
> which on my server is anything above 15. I have yet to see a
> false-positive score that high. If these get deleted without your users
> even seeing them, then all the better. There's no way anyone would
> accidentally use this exploit in a legitimate email.

Ok, here is the problem.

Not all of our users want spamassassin. Some do, and they run it from
.procmailrc in their homedirs.

On the other hand, we have virus scanning globally via mailscanner and
f-prot.

The %00/%01 exploit would fall under the same category as iframe blocking
in mailscanner.

So I guess I'm looking for a way to filter %00/%01 globally, yet avoid
forcing spamassassin globally on all users.

Alternatively, could the iframe blocking be generic-ized in mailscanner in
such a way that admins could plug in their own rules into mailscanner so
that 'exploit of the week' doesn't have to be hardcoded into mailscanner?

Maybe a special direction clause for /etc/MailScanner/rules ruleset files,
eg Url: ?

-Dan
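
A global %00/%01 check of the kind requested above has to undo MIME transfer encoding and HTML entities before matching, or a plain pattern match on the raw message misses the URL. The sketch below is an added example, not code from the original post or from MailScanner; the sample message is constructed and the function names are hypothetical.

```python
import email
import html
import re
from email import policy

# Constructed sample: a quoted-printable HTML part. "=3D" decodes to "=", and
# the soft line break ("=" at end of line) splits "%01" across two raw lines.
SAMPLE = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: account notice\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=us-ascii\n"
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    '<a href=3D"http://www.example.com%0=\n'
    '1/login">notice</a>\n'
    '<a href=3D"http://www.example.com&#37;00/x">entity-encoded</a>\n'
    '<a href=3D"http://www.example.org/a%20b">harmless</a>\n'
)

URL_RE = re.compile(r"""(?:https?|ftp)://[^\s"'<>]+""", re.IGNORECASE)
BAD_RE = re.compile(r"%0[01]")  # the two escapes named in the thread


def decoded_text_parts(raw):
    """Yield every text/* part with its transfer encoding and charset undone."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            yield part.get_content()


def suspicious_urls(raw):
    """Return URLs in the decoded message that contain %00 or %01."""
    hits = []
    for body in decoded_text_parts(raw):
        body = html.unescape(body)  # turn &#37; back into a literal "%"
        hits.extend(u for u in URL_RE.findall(body) if BAD_RE.search(u))
    return hits


if __name__ == "__main__":
    for url in suspicious_urls(SAMPLE):
        print("flag:", url)
```

Neither flagged URL contains a literal `%00` or `%01` in the raw message text, which is why the decoding steps come first.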


