[Mimedefang] JPEG exploit checking in mimedefang-filter
Jared Armstrong
jared at alyeskaresort.com
Sun Oct 17 14:55:21 EDT 2004
It appears to return 'corrupt' on corrupt jpegs, jpegs with extra client
nonsense in them (proprietary watermarks, indexes, rights management, etc.),
and jpegs with steganographic content as well.
Of course, one could argue that even a common corrupt jpeg has the potential
to cause problems on the recipients machine and should be intercepted in
transit anyway. The other items might be a concern as well, depending upon
your environment.
On Tuesday 12 October 2004 09:47 am, Cormack, Ken wrote:
> I cant take credit for the code, myself... I may have merely quoted it in a
> post. The original code was posted by Tomasz Ostrowski.
>
> Ken
>
> -----Original Message-----
> From: Joseph Brennan [mailto:brennan at columbia.edu]
> Sent: Tuesday, October 12, 2004 1:14 PM
> To: mimedefang at lists.roaringpenguin.com
> Subject: RE: [Mimedefang] JPEG exploit checking in mimedefang-filter
>
>
>
> Reference to Ken Cormack's filter code, Sep 28, using djpeg
> to diagnose success or fail...
>
> > my($code, $category, $action) =
> > run_virus_scanner( "djpeg -fast -dither none
> > -grayscale -scale 1/8 -outfile /dev/null $path" );
>
> We find that jpg attachments in mail sent with the OSX Mail program
> fail this test, quite a lot, maybe all the time.
>
> I'm going to be looking into it. If anyone else is ahead of me on
> a solution please say so.
>
> Joseph Brennan
> Academic Technologies Group, Academic Information Systems (AcIS)
> Columbia University in the City of New York
--
[------------------------------------------------------------]
Jared Armstrong
System Administrator
Alyeska Resort
907.754.2100
http://www.alyeskaresort.com
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFA0320D7
[------------------------------------------------------------]
More information about the MIMEDefang
mailing list