[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Thu, May 16, 2002 at 12:02:34PM +0200, Wouter Verhelst wrote:
> On Thu, 16 May 2002, Richard Braakman wrote:
> > On Thu, May 16, 2002 at 12:43:45AM +0200, Hilko Bengen wrote:
> > > No. That is exactly what AMaViS-ng does. And security is the reason
> > > why AMaViS-ng only supports unpacking programs that can unpack things
> > > to stdout.
> > 
> > Actually, I think there is.  It makes it possible to hide a virus in
> > the part of the archive beyond $SIZELIMIT.  It would be better to reject
> > the attachment if it is too large to scan.

So to check whether it actually *is* too big, you do the "head" thing and
check the length you got back. If it == the limit you applied with head,
you reject.

Nick Phillips -- nwp@lemon-computing.com
Beware the one behind you.

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: