Date:      Mon, 12 Nov 2001 17:59:38 -0800
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Drew Tomlinson <drew@mykitchentable.net>
Cc:        FreeBSD user <freebsd@XtremeDev.com>, questions@FreeBSD.ORG
Subject:   Re: What is "Defanged Link"?
Message-ID:  <20011112175938.A45158@blossom.cjclark.org>
In-Reply-To: <005701c16ac3$c021eba0$0301a8c0@bigdaddy>; from drew@mykitchentable.net on Sun, Nov 11, 2001 at 07:15:51AM -0800
References:  <036c01c169fc$94ee12f0$0301a8c0@bigdaddy> <20011111003339.I69195@blossom.cjclark.org> <005701c16ac3$c021eba0$0301a8c0@bigdaddy>

On Sun, Nov 11, 2001 at 07:15:51AM -0800, Drew Tomlinson wrote:
> ----- Original Message -----
> From: "Crist J. Clark" <cristjc@earthlink.net>
> To: "Drew Tomlinson" <drew@mykitchentable.net>
> Cc: <questions@FreeBSD.ORG>
> Sent: Sunday, November 11, 2001 12:33 AM
> Subject: Re: What is "Defanged Link"?
> 
> 
> > On Sat, Nov 10, 2001 at 07:30:09AM -0800, Drew Tomlinson wrote:
> > > This morning I was reviewing the daily output run from one of my
> > > machines.  What is the meaning of "DEFANGED_LINK"?  The following is a
> > > snip of the report:
> 
> [snip]
> 
> > You wouldn't be running your mail through some kind of procmail-based
> > (or another mail scanner) defanger?
> 
> Umm, yep.  I just started experimenting with the E-mail Sanitizer.  So
> I assume this is just something it does?  Do you have any idea why?

"Use the source, Luke."

  $ fgrep -i link html-trap.procmail
  
* 1^1 \<(html|title|body|meta|app|script|object|embed|i?frame|style|img|bgsound|layer|link)
                s/<(META|APP|SCRIPT|OBJECT|EMBED|FRAME|IFRAME|LAYER|LINK)/<DEFANGED_$1/gi;      #\
              unlink($destf);   #\

There is the code that does it.

> I reread the docs at
> http://www.impsec.org/email-tools/procmail-security.html but do not
> see any mention of this.

The sanitizer code treats "<link>" as a potentially hostile tag.

> And FWIW, I see this on both of my FBSD
> boxes but I am only running the sanitizer on one.  The other is a
> firewall only.

Is the mail from the firewall relayed through the machine running the
sanitizer? It is clearly the sanitizer doing this.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
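
Added example, not part of the original message or of the sanitizer's own code: the Perl substitution from the fgrep output above, re-expressed in Python and run over two constructed inputs. It models only that one substitution line (the procmail conditions that decide when it runs are not reproduced), and it shows that the pattern has no boundary after the tag name, so plain text containing "<Link" is rewritten as well.

```python
import re

# Tag list copied from the substitution line in the fgrep output:
#   s/<(META|APP|SCRIPT|OBJECT|EMBED|FRAME|IFRAME|LAYER|LINK)/<DEFANGED_$1/gi;
DEFANG_TAGS = "META|APP|SCRIPT|OBJECT|EMBED|FRAME|IFRAME|LAYER|LINK"
DEFANG_RE = re.compile(r"<(" + DEFANG_TAGS + r")", re.IGNORECASE)


def defang(text):
    """Python equivalent of the Perl s///gi above: prefix each matched
    opening tag name with DEFANGED_, keeping the original letter case."""
    return DEFANG_RE.sub(r"<DEFANGED_\1", text)


def defanged_names(text):
    """Return the names that were rewritten, in order of appearance."""
    return re.findall(r"<DEFANGED_([A-Za-z]+)", defang(text))


# Constructed sample: an HTML mail body with a <link> and a <script> tag.
HTML_MAIL = (
    '<html><head><link rel="stylesheet" href="http://example.invalid/a.css">'
    "<script>x()</script></head><body><a href=\"#\">hi</a></body></html>"
)

# Constructed sample: a plain-text report line that merely contains "<Link".
PLAIN_REPORT = "xl0   1500  <Link#1>   00:00:5e:00:53:01\n"


if __name__ == "__main__":
    # The opening <link> and <script> are renamed, so an HTML renderer no
    # longer recognizes them; closing tags and <a> are left alone.
    print(defang(HTML_MAIL))
    # The pattern only requires "<" followed by the name, case-insensitively,
    # so non-HTML text is rewritten too.
    print(defang(PLAIN_REPORT), end="")
    print(defanged_names(HTML_MAIL + PLAIN_REPORT))
```

Because the match is a prefix match, names that merely start with a listed tag (for example `<APPLET`, via `APP`) are renamed too.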
