Thanks for your comments Paul. All good points.
--- Paul Murphy <[EMAIL PROTECTED]> wrote:
> Chris,
>
> Some observations:
>
> 1. You don't check the size of Zip members before
> uncompressing them, which can
> lead to denial of service attacks.

I've added more size checking!!

>
> 2. There are many nesting methods for zip files,

I'm going to add support for other types in the next version and try and make the functions general to all archive types/nesting methods.

>
> 3. In general, nested ZIP files are a waste of
> time,

The nesting functionality is mainly to stop users zipping up attachments to get them through and to block/quarantine password-protected viruses etc. etc.

>
> 4. Decompressing to /tmp may not be the best idea,

Inflating to /tmp was just for test purposes. I think we're going to use a purpose-created dir in /var as /var/spool/MIMEDefang is on a ramdisk.

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
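The checks discussed in this thread (member size before inflating, nested archives, password-protected members), as an added example in Python that is not code from this message or from the poster's MIMEDefang filter. The limits, the function names `scan_zip`, `inspect_member` and `make_zip`, and the reason strings are assumptions; members are inflated in memory, so no temporary directory is involved.

```python
import io
import zipfile

# Assumed limits and helper names for illustration (not from the thread).
MAX_MEMBER_BYTES = 1_000_000   # per-member cap
MAX_TOTAL_BYTES = 5_000_000    # cap on bytes inflated across all nesting levels
MAX_DEPTH = 3                  # archive levels that will be opened
CHUNK = 64 * 1024

def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for constructed samples."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return out.getvalue()

def scan_zip(data, depth=0, budget=None):
    """Return [(member path, reason)] for members that should be quarantined."""
    budget = [MAX_TOTAL_BYTES] if budget is None else budget
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:    # general-purpose flag bit 0: encrypted
                findings.append((info.filename, "encrypted"))
            elif info.file_size > MAX_MEMBER_BYTES:    # declared size, no inflate
                findings.append((info.filename, "too-large-declared"))
            else:
                findings += inspect_member(zf, info, depth, budget)
    return findings

def inspect_member(zf, info, depth, budget):
    """Inflate one member in memory against the running budget, then recurse."""
    buf = bytearray()
    with zf.open(info) as member:
        while budget[0] >= 0 and (chunk := member.read(CHUNK)):
            buf += chunk
            budget[0] -= len(chunk)
    if budget[0] < 0:
        return [(info.filename, "too-large-inflated")]
    if not zipfile.is_zipfile(io.BytesIO(buf)):
        return []
    if depth + 1 >= MAX_DEPTH:
        return [(info.filename, "nested-too-deep")]
    nested = scan_zip(bytes(buf), depth + 1, budget)
    return [(f"{info.filename}/{path}", reason) for path, reason in nested]
```

The shared budget is what stops many small members, or several levels of nesting, from adding up to an unbounded amount of inflated data even when each member passes the per-member check.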

