G'Day,

I've upgraded to 1.48 from 1.45. Since then I've found that some UUencoded attachments are being corrupted.

Note the DEFANGED_ in bold.

Example email source provided.

----- Original Message -------
begin 0 p.21464.Z
DEFANGED_M $*@Y;5(IA4<1J,B919P9%N(IFT="2)1A7HX6+DTRQ$(I6*:2!FP@
8@ /L
DEFANGED_M 08" ATXX):K^!6FI2]\
2(<^9B#215)(I>Z5AB=,2W^H6K0^)D&N2\6( N
M!@2L10
#X">JR9!602!G0YN"83AY^8]E01F>297YB)=8"8&^J9 +10 )
;$
M20J0D1IRMAXW-I[7F3GIB8]D4YWH.3H+Z1R4>9FON9ZC
9BXF9XD^)YP$Y_V
MR9\&^93X^9S_63WP"3L'&CH#^A<+6I\)>CD-NID/JIX3RI[]B:
7JJ %BA@1
MNIU\"94?NIHA6E!R( 0;@ (XT!$H,
<Q <R( ,ND!-V$ -S, DEFANGED_-B0 ,Q0
,X
DEFANGED_M !0HP1)XH!(P401X =O( =T<!(NVA(4 1-$4
DEFANGED_9LD DEFANGED_9V4
DEFANGED_9RD <@0 1O,
DEFANGED_9K
DEFANGED_M4 9'BJ(JRJ)P@
,Q"@,S.@<P<*,\FA(S< ,MH:,UD 5/4 =R )24 9F@*0Q
MD*8M40,XP*1A0 =E8*=XB@<V< -M.@1/6@9N0 <@, DEFANGED_1O0
9_VJ,M<0,OD05#
M$ 9&&@9G4
:+^@9M =AX 9Y@*0S$*DY !-0D 98"@)5
<@$ DEFANGED_1D0 DEFANGED_9R4
DEF
ANGED_9S
M, =(ZJ,W8 ,P<1)C$ ,& 0-A(
,FJ@)C4!*U&JFX&A/"*@._BJO!.JPF@1(Q
M( -JB@=JRJ1E0*1T\ )7@ :66J?02A'&FJO"F@,O\:O-2JS?:@/ABJQCH*Q+
DEFANGED_M>J[/FJ0_&@,UT*93@
9IP*HOT*II( =C( =A8 9'FJXMP:OUF@5'\ :-.@=5
end
------- Cfg file --------
#
# These are the default values for all feature switches.
#
feat_verbose = 1     # Warn user about unscanned parts, etc.
feat_log_inline = 0  # Attach log to message
feat_log_stderr = 1  # Print log to standard error
feat_force_name = 0  # Force all parts (except text/html parts) to
                     # have file names.
feat_files = 1       # Enable filename-based policy decisions.
feat_boundaries = 0  # Replace all boundary strings with our own
                     # NOTE: Always breaks PGP/MIME messages!
feat_lengths = 1     # Protect against buffer overflows and null
                     # values.
feat_scripts = 1     # Defang incoming shell scripts.
feat_html = 1        # Defang active HTML content.
feat_trust_pgp = 0   # Don't scan PGP signed message parts.
feat_uuencoded = 1   # Sanitize inline uuencoded files.
feat_forwards = 1    # Sanitize forwarded messages
feat_testing = 0     # This isn't a test-case configuration.
feat_fixmime = 1     # Fix invalid MIME, if possible.
##
## These are the default scoring thresholds.
##
#score_bad = 100     # Any message exceeding this value will cause
#                    # the sanitizer to return a non-zero exit
#                    # code after processing the entire message.
#
#score_panic = 0     # If the sanitizer's internal score exceeds
#                    # this value, the sanitizer will terminate
#                    # immediately with a non-zero exit code.
#                    # Setting to 0 disables this feature.
#
# You may need to increase the following if you have a very
# complex configuration split between multiple files.
#
# max_conf_recursions = 5 # The default is 5.
#
# Create temporary or saved files using this template.
# An attachment named "dude.txt" might be saved as
#
#   /var/quarantine/att-A9Y-dude.txt
#
# Note: The directory must exist and be writable by
# the user running the sanitizer.
#
file_name_tpl = /var/quarantine/$$$-$F
# We have three policies, in addition to the default which is
# to defang file names.
#
file_list_rules = 1
file_default_policy = accept
file_default_filename = unnamed.file
# Delete obviously executable attachments. This list is VERY
# incomplete! This is a perl regular expression, see "man
# perlre" for info. The (?i) prefix makes the regexp case
# insensitive.
#
# There is only one policy, since we aren't using an external
# scanner. The file list is split across two lines, for fun.
#
#file_list_1 = (?i)\.(exe|com|lnk
#file_list_1 += |cmd|vbs|pif|bat)$
#file_list_1_policy = save
#file_list_1_scanner = 0
# Files we absolutely don't want (mostly executables).
#
file_list_1_scanner = 0:2:3:/usr/local/bin/check_for_virus %FILENAME %REPLY_TO virusmanager virusmanager@gmaaust.com.au %HEADER(to) %HEADER(subject)
file_list_1_policy = unknown:mangle:save:save
file_list_1 = (?i)(winmail\.dat
file_list_1 += |\.(exe|vb[es]|zip|lnk|cmd|c(om|hm)|bat|pif|s(ys|cr))
file_list_1 += (\.g?z|\.bz\d?)*)$
# Scan mp3 files for Evil Viruses, using the imaginary mp3virscan
# utility. Always define FOUR potential policies, which depend on the
# exit code returned by the scanner. Which code means what is
# defined in the scanner line, which must contain THREE entries.
# The fourth policy is used for "anything else".
#
# "accept" if the file is clean (exit status 0 or 1)
# "mangle" if the file was dirty, but is now clean (2 or 4)
# "drop!" if the file is still dirty (66)
# "save" if the mp3virscan utility returns some other exit code
#        or an error occurs.
#
#file_list_2_scanner = 0:2:3:/usr/local/bin/check_for_policy %FILENAME %REPLY_TO virusfound virusfound@gmaaust.com.au %HEADER(to) %HEADER(subject)
#file_list_2_policy = unknown:mangle:save:save
#file_list_2 = (?i)\.(mp3|mp2|mpg|mpeg|mpe|avi)$
# Scan WinWord and Excel attachments with built-in macro scanner.
# We consider anything exceeding the score of 25 to be dangerous,
# and save it in the quarantine.
#
#file_list_2 = (?i)\.(doc|dot|xls|xlw)$
#file_list_2_policy = accept:accept:save:save
#file_list_2_scanner = 0:1:2:builtin 25
#
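
A way to locate this kind of damage in a sanitized message, as an added example that is not part of the original post and is not the sanitizer's own code: it walks each begin/end block and flags data lines that contain the DEFANGED_ marker or whose length disagrees with their uuencode count character. The function names and the sample body are constructed for illustration.

```python
import binascii
import re

MARKER = "DEFANGED_"  # string reported in the post; every character in it is
                      # also legal uuencode data, so a character filter misses it

def expected_len(line):
    """Encoded length implied by the count character that starts a uuencoded line."""
    nbytes = (ord(line[0]) - 32) & 0x3F       # decoded bytes on this line
    return 1 + 4 * ((nbytes + 2) // 3)        # count char + 4 chars per 3 bytes

def check_uu_body(text):
    """Return [(line_number, reason)] for damaged lines inside begin/end blocks."""
    findings, inside = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if not inside:
            inside = re.match(r"begin [0-7]{1,4} \S", line) is not None
        elif line == "end":
            inside = False
        elif MARKER in line:
            findings.append((no, "marker"))
        elif any(not 32 <= ord(c) <= 96 for c in line):
            findings.append((no, "bad-char"))
        elif line and len(line) != expected_len(line):
            # Strict check: a transport that strips trailing spaces also trips it.
            findings.append((no, "length"))
    return findings

def _uu(data):
    """Constructed sample data: uuencode 45 bytes per line, '`' for zero."""
    return [binascii.b2a_uu(data[i:i + 45], backtick=True).decode().rstrip("\n")
            for i in range(0, len(data), 45)]

# Constructed message body (not taken from the post): three data lines.
_body = ["begin 644 sample.bin"] + _uu(bytes(range(100))) + ["`", "end"]
CLEAN = "\n".join(_body)
_bad = list(_body)
_bad[2] = MARKER + _bad[2]   # marker prepended to a data line, as in the report
_bad[3] = _bad[3][:-4]       # data line cut short
CORRUPT = "\n".join(_bad)

if __name__ == "__main__":
    print(check_uu_body(CLEAN))
    print(check_uu_body(CORRUPT))
```

Running it over the message before and after the sanitizer shows which data lines were altered, which helps narrow down which feature switch is responsible.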