G'Day,
 
I've upgraded to 1.48 from 1.45.  since then I've found that some UUencoded attachments are being corrupted.
 
Note the DEFANGED_ in bold. 
 
Example email  source provided.
 
----- Original Message -------
From: informix@ctfrt.ctfreight.com (Informix User)
X-Mailer: SCO OpenServer Mail Release 5.0
To: informix@ctfrt.ctfreight.com, printer@gmaaust.com.au
Subject: GMA Print
Date: Wed, 6 Feb 2002 12:11:12 EDT
X-Sanitizer: This message has been sanitized!
X-Sanitizer-URL: http://mailtools.anomy.net/
X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.51 2002/01/04 19:55:10 bre Exp $
 
begin 0 p.21464.Z
M'YV0&XIL,&$F!HP8>6!@&<@FQD(3#9$PE&$C"$,83RYJN5CE(I.+ G,,# ,#
MR@85<&+@D)$#CPP864[*@6'D))T9,&!(D2FCA@TJ,FD<G"(SAD458F T.2FF
M1HPK *)*G4JUJM6K6*LR=0HUJ]>O8*=N?1JVK%FM2+F>76MV;%>V<+.ZC4OW
MZMRZ>*7>S8MW+U^Z?O_"#2QX+>'";=.213Q8\5O&9P_7!=2XZ>*_"!!(8"N9
M+F4@AAU#YBQ:,(BXG>,""D+:\F.^A*  .)W8=6%^ 6A'+OV71.[6:@63 *2[
M=G"^ @@ *UXV]5D"  (@"$. ^5?G9P5DD&I@MVW( KP?']V<=][P $(  &W\
M<EX@($ 3*&!=KOG"0(:7_RX80>7Q?%$& 'K[ 1@7@0(* 8" 8&$7E@<!$!<5
M@P6Z5Y=_ %0G@! 04.B5@W%!T-YK>-'F88/WT<7  ;JQ1D*%),*E'@@@$"!B
M(3",B-E4#(3&'WEA@0A7?5@)Z=5I& 8 @(A(P,B7! SD)@ 0! 0"@!).XJ7D
M5$JR=F*1*7H&6)AQ;9EA=#D&2>9STDEU&C 1X)$E7T2(&)4 $>@S9UU;VBD5
M$WO6!5U5? 2*6)-J_E@7! H"HAX@@""*HJ)>$5A5 !10-D!4A#"PC*%U94(A
M>Y,:2!>1B9JZ(ZAK#0I$!(-F2 :K:RE)2 0#G&9""$30JEJ; !2:JH6(D7K=
MFG%AB*I=R)Z%@)(,0A#KL92RA1YK0H!@2 "0?,ELM73!  AT"OI)K:I_6?IA
MLW%!-Z6O<8$@X@!@P%M6>.6 (("\ $0@AKUF32M$ -.N"RY=[ DP  T AS4M
M=!/ TC!;0 S@K55&8H4>( D@<5H0(Q S,5CA^8>!NN<2VY^.A5UL,+IPB7C:
MLABS:Q:'Z:4W LM:1A5A  )TQS-C& X;8XG J5P7>BB_K+2Q82&@(#A 0""(
MN2D?S2<D@HBG])!3N5SSP6P!HB3-W\+L;%3^B3VVVF;Y!P%[<, Q-%Z;Y3>@
M5$7;1_;27FM](=I494R>X5]!8.;==7$(#!@.0)TU8TU/#N3(0"*>%02$_*=R
MCY>C]7?H>ME,NN:,$1: DAD@T>'I*:H'P #.G/'//_D00CAJ*9KY@3,( ,(!
M)2(0X+;G6F.P@S=H &)!+;(0D$D*J:_YP3ZW_S/#.?_0TT_V]IS#>5Z=_?#/
M#\]D/\\-Z=].@Q\S$ (,( KR3JGL">PS P_#P.//%[?+Q#_ \8=GD,,3?_C'
M /YQO+=]S5/_<,8?T/<-8SSA'_S@@SW^\(A]<,\3:; ?NBR B  0(0,_4,87
M#*"%:]""#>,PP3-VP8I-F".$R*-*K"9@IT#@0P]?L( <)G (<"3#%&_8! XR
M@4016BA6,Z@7 )X!#P#D81SGX,?M\H&[3YS@'[]@8 ZODH%91<<?LS/;)/P!
M! 08X0_CD$<^_,$&)VKM!U)<4G0HDP%#R"<!D! !,F2P.P>2B#T7J&)41!0A
M &2#%E%1CE1T0(,&B@Y=$K!;5#"0Q@!@,"H'4"0 ?L /2Q8N16F"01X929E/
M#DB3 )B &)/V&$Y*Y0/DD H/TAA+!L'2 ;#TT7@"0*H9,(@% VJE*&'Y 32.
MT2H3 (54W$69=$BL*AEP@1VG8JX!@$./=Z),&KX4 &0^<TD,>@%E.,E)BP7@
M!<"0"BS_4,IS4B4'D   )WMD +.)L4E^>L \3"D6\RRND?[ID0 HPX$O12 3
MV[Q* *3I'_\L% !>8)!N<I -J1"T,R_X)@< 8%'*_"&>.4*!5,P7R6O.:7$
M4*<^ :#0J'R ,B)*P#<1,,%(=HV;3GL+3'E F1Z-] !1$1>W /"!>HV@&>F(
MI(>F=:*]P/0'591;)_^!TE'6ZP+]>$=4A#85FG4F 931*GI\ !H11>"K94#&
MG83Y-;1*A9/HV24 \OE6 %B@# *R)5:J:A[!CO*;207  <PVT+T>%@ V^$.W
M2.H5K &@,RSPT*8"\ G*5#$"H/F .0"0H\IYE&VE.Q@+XHG:\ 1 K_G<0%0\
M4*BVTE5K+F M %3J6AN AC(?D.8%:CM3L/BI?+I]T6(#,(]XQO,!W[P!/P"P
M![^2M&U4:20 *)#:XZB+J&Z:771^8+8JVM4#]=H4!<"! !%1HBJL/6YI$*"N
MD$H%!]&)#CPHDT_R B #\3P$ !KZ V(PP!( P*]_I2)?U4HQ /A0;'3$6,4<
M?!.K !CH2!G0HTCL%@ B<&YBH^(7<]D J$H*P TH0YD$D+A>2P!$17TVF]R
MID9G(O&:C,G@/0: QY1YP"9A3-F^@> W " != C GKU #0;?A, 3JHA4YE+F
MFQ8&0 ZJN _VGNE-*@W!L\ A,CDTF3=] P /OCF!<D0XQ9Q@<4PIXP&[?6#
MI$UP5%"@) X$0,G@O.R:)  :"Y0 '?EEZC%;',\%"&BD4E'IDG(#G0:CZP*@
MN<"A =" J'S#;/5R@317  T +$":E 4-,%!0@$G3IFB=N4&]?O ';' Z*N_X
MS"@I\P*[59>3_L$O(&"@I$%M"M8[KI</_H")1(]SI90!)@"6 0A.0B='@ @F
M!([=W:_]H5X?^$>SA3R ?$0'RUB.YQ^DDJ,S_  8$$"JL,.3)D$?+(H N($_
MY%3E3T0EGOY-0(27T.,8* ?;^0V/I;\F@7K=P RE;C4 [ H:&Z25&P"()W=%
M9">$*TE=3J8*!.IE Q/D<TLI,%M2*<,)9B19CQQ/K 04M[>"\J=^4OG#-^_@
MBT().0"Y#@# *<.'?YR)DR)29(ZF$!U@; J_.N:/=J.2@M">(\(^RP=EX@F'
M;X(U$M^L]&P2&X6$%]?>Z$H!R?V09@;QF ;-R.==QRX5T"AI4S9/>SSOX >Y
M(D@J%J ,';I1ZIER4M(UO_LI^:.N!P#\'X@F*X,X\,TW_$.12"^NGR*$]VYW
M)0#RH(KCF0KY6$I%MWQXKBLS;TL1V5W">?\:/[[)A'E$^,Y-E\H< -X/1&\W
MS]L!!@P.\(]G 2,\@BT?9<S7[ F<7BH#!, =^B'IC>=WV  (P[, T?FHHTNF
M:_A%J3LOH !$("IW& +4N00=W:1X\>AZ V62X LJGS8Z=K*!$&Q=63,A^V 6
M!@$_8 YVXWQ1@5@#,'OYY@^&=14>L""HY7U?\PZ', %:! \$\(#1,5W1,0DF
M=7E?@2'0@0!G)G7%P0*$\ G/( ]^8 :;$1V@$P 0!0 .< 2<D!4*0%E\4X+H
MX@*Q\ _LH OW8 =S0 B8$  -0!D%D WU\@)'@'$:HX.7=!E0XP2[< KTX OS
MT O_\ Y=\ /]$$]=\ _2] /^0 U943)I0X4ZM DC0 [^\ ><$$$7Q _   E/
MH'6>Y ^6-15"EF:>5W=4,0?I\P"71P[A%@]:] ^?D#W^T(A8=Q53TH"!>!5S
M<$'_\#W_D D_D _SP _YT(CYP _^D ]9E(90T&R&Q"4XV (DT 4R4 O9L C$
MD VP( 5,Y'M8(07>4F)'0@!-  .'D U)0 0?( A"D FZ@ 81%1UR9Q41 @)"
M  0SX ]Y@ -_($#GD FSP X1!0$29Q;$( IS8 !X\ S^@'C1(3E@PA^@DQU1
MT49"P(Q204R8<SBF$S.,(Q@0H%N6$Q6%!!8%\(RE\C5:4F\%*3BD4XGWMY"Q
M]QH$)5&))"Q&4X]_ 0*4@%0\ U-U09 5R1B0P"_W&!8ON(]\ 02F%!B >!9I
M(C6!0Q4)$)!8X9(F>1XO&3;I<I,>Q8YE433_<C>"P)-@$0#4$Q7O^)%[$Y%3
M02I"IY,.N8:O43 !4Q>!,2@RF6.">#>5)I,$@WTB\E$ITEY<:3PX:9)7V1<I
M,C-/B7;$<I8UUXP6&8\.\R;K84\35Y=*"9<TMI9LJ9 .B3I285I.B953AQ4D
DEFANGED_$*@Y;5(IA4<1J,B919P9%N(IFT="2)1A7HX6+DTRQ$(I6*:2!FP@ 8@ /L
DEFANGED_M 08" ATXX):K^!6FI2]\ 2(<^9B#215)(I>Z5AB=,2W^H6K0^)D&N2\6(  N
M!@2L10 #X">JR9!602!G0YN"83AY^8]E01F>297YB)=8"8&^J9 +10 )  ;$
M20J0D1IRMAXW-I[7F3GIB8]D4YWH.3H+Z1R4>9FON9ZC 9BXF9XD^)YP$Y_V
MR9\&^93X^9S_63WP"3L'&CH#^A<+6I\)>CD-NID/JIX3RI[]B: 7JJ %BA@1
MNIU\"94?NIHA6E!R( 0;@ (XT!$H, <Q  <R( ,ND!-V$ -S, DEFANGED_-B0 ,Q0 ,X
DEFANGED_M !0HP1)XH!(P401X  =O( =T<!(NVA(4 1-$4 DEFANGED_9LD DEFANGED_9V4 DEFANGED_9RD <@0 1O, DEFANGED_9K
DEFANGED_M4 9'BJ(JRJ)P@ ,Q"@,S.@<P<*,\FA(S< ,MH:,UD 5/4 =R  )24 9F@*0Q
MD*8M40,XP*1A0 =E8*=XB@<V< -M.@1/6@9N0 <@, DEFANGED_1O0 9_VJ,M<0,OD05#
M$ 9&&@9G4 :+^@9M  =AX 9Y@*0S$*DY !-0D 98"@)5  <@$ DEFANGED_1D0 DEFANGED_9R4 DEF
ANGED_9S
M, =(ZJ,W8 ,P<1)C$ ,& 0-A( ,FJ@)C4!*U&JFX&A/"*@._BJO!.JPF@1(Q
M( -JB@=JRJ1E0*1T\ )7@ :66J?02A'&FJO"F@,O\:O-2JS?:@/ABJQCH*Q+
DEFANGED_M>J[/FJ0_&@,UT*93@ 9IP*HOT*II( =C( =A8 9'FJXMP:OUF@5'\ :-.@=5
M*JMC4*P_VA-!2@5$ +%W6@,P,01UH*A/8 9F4*5]^J@I :X_.@,8FP6G6@9C
M(*L6.ZJ%^@9N, =I< 9N4 8B&ZWJ6K(YT*974 8SBP8#.[(YFZ-"D056\ 9L
M4 =M(+(^2K2F6J2*^@8?2P1I, =CP*URD*EV2K(YB@-MB@1AH >62@9O4 >T
M"JTU,*U=VZ994 1$ :V#6K T<+*ZJJQ" :]V&K<_.K?B.@9"8:ZZBJXIH;==
MBP/L^K? &KCQ&@,WP+A[2[?)&@9WJ[AVB@-JRZ99X 09 :TY<+F0VZZ2"P-X
MR[F>V[>(.[HIT;ERBP.&JZNG2[D]>A W\+A]:[>B"[OR2J\YP:XR@!.^FKC"
M2JQ<>J)>"J8R2J,V2@-GVK1I"Q-!P 9L  )CP 9AD 9MP+!M8+:**@::Z@9O
M0 =I8 9I4 9D  )IX 8@< =RD ;@ZP9GD+[LBZ_H>P,@0 9AD =GF[LV8!!9
M8 9RP*GU&[(@(+4@$*LKFZ]TX (GFJ+$VZ+&*Z8T6J;*:[$V<*P]"P*6VKW?
MB\'2RZEM +/2:ZGK*Z48[ ;E&P;0"P)B8+;G*ZL,6[4@0 < &[-A, 9^6KYU
M8,(D3 =HP+0%>P.[RZB=^JEY< (,.P=T\*GV*P?E*\-A0 ;G^[YC +-0#+XP
M.P<LD+[X>K48'*L@  ?KFZCD.\#H&ZM1*@=S4 8*/+PKZL!A.J;)N[P%NZ<9
MZP)4X (@8 2Q^K-;RL!M_*5O',%F:K%>Z[PN, 0NX 1XG!.$I*,Y  ) 7 ,6
MFP.ERKN^"[C!:Q)L7+R!7*.##*TTX*,O@1.4"K-)W,)QZ@1*R[UHO,!=ZL;'
M2Z:?+*\ONJ=9, 4SZP9]"J<^[!*^FP4N$,S"/,S$7,S&?,S(G,S*O,S,;,P0
M*P,T4+1.$ 9+F\5PP 9E$ 9I_,5A'+2B3 /'VLSB/,[D7,[E_,RXRJ=^BLZ3
M:L[N_,[P/,[/?*LP0076V\O2:LOQO,_\W,^NW," ',MQO+5*B@.DW*1/>L94
MZ@3?R[($81 (X1 #41 'D0<&\1 4C1 RL!";# ,I 0-AB@;1^L8P(,LS(,=X
MH*,TD 4TTM(N_=(P'=,R/=,TW=(L 0,UD*8@, 5N6],T K%Z"A,^/=1$7=0M
M#0,V\ (P( -*34A$#;&#:@,L;=147=4O+0124 100 6W/-5##;&2NM(TG1,Y
M"@);S=),0+%6O=96#;$X8 .&Z])8701-D 1#L 1FS=4@D-9$P-8O3=8TD-=H
MK=9^#;$Y$ -2[=)08-=+4 50T*I$0 19/053$ -^[=)'  5/((U/@ 4@D*.Z
M6]B0B@<Y8 -BW=)!$-F3/05.?=DRW01%P 1"\ 15( 5.4 2+F@1ZW01#4-46
M>Q RX-5[G02W/0.N[=.P+=NT;=NX;05V#0)T;-E&_=O'ZM),0-Q%$-C'3=-!
M4 7;'=,6:Q!QW=+7[00U\-WH3=7A[1/"+=-$D 19/014  )*$ 1" -_>?=PO
M:M9!P 1,4 14, 4[305#L -//=K1"@.G3=.F#0/I'=-6$ 12D 2T+>!&$ 13
M0 5%<-M2(. U;;$]$=P^_:)*'0,O\!)+_>#HW;(ZVMXQS;@E?N*,G-[[O=TM
M6]HN#M-S7==WK>*?'<D@G1,@L 1'X-L('LT+/M/=?==,$ 1.T-</SK@Q>MY#
MD-]MO<FP#,&R/,$$^Z,V,*DRT *!C=6I;01/( 5]G>%9#> ^O;5#6\&&V]]%
M@ 5.+ME)$ 0Q[013< 4@\!+T"M-N_L.(G054X*0@@ )+G0+0/0,ZS;JL^]5=
MSKBFG05&$ 9X<.B)#@*EG0/&[1- _-4=_=$A/=(R6M)E>M*![A(P8,M,\ )4
M  5(4 4T<-B=:P/G[>-%G>HR$*V&V^I4\-]5@!/TVN"XGNM=ONNWF@6M/@12
6@ 55\*([.P-_7NQ#S0 3#='7N!!% .I4
 
end
-------  Cfg file --------
#
# These are the default values for all feature switches.
#
feat_verbose = 1    # Warn user about unscanned parts, etc.
feat_log_inline = 0 # Attach log to message
feat_log_stderr = 1 # Print log to standard error
feat_force_name = 0 # Force all parts (except text/html parts) to
                    # have file names.
feat_files = 1      # Enable filename-based policy decisions.
feat_boundaries = 0 # Replace all boundary strings with our own
                    # NOTE:  Always breaks PGP/MIME messages!
feat_lengths = 1    # Protect against buffer overflows and null
                    # values.
feat_scripts = 1    # Defang incoming shell scripts.
feat_html = 1       # Defang active HTML content.
feat_trust_pgp = 0  # Don't scan PGP signed message parts.
feat_uuencoded = 1  # Sanitize inline uuencoded files.
feat_forwards = 1   # Sanitize forwarded messages
feat_testing = 0    # This isn't a test-case configuration.
feat_fixmime = 1    # Fix invalid MIME, if possible.
##
## These are the default scoring thresholds.
##
#score_bad = 100     # Any message exceeding this value will cause
#                   # the sanitizer to return a non-zero exit
#                   # code after processing the entire message.
#
#score_panic = 0     # If the sanitizer's internal score exceeds
#                   # this value, the sanitizer will terminate
#                   # immediately with a non-zero exit code.
#                   # Setting to 0 disables this feature.
#
# You may need to increase the following if you have a very
# complex configuration split between multiple files.
#
#  max_conf_recursions = 5    # The default is 5.
#
# Create temporary or saved files using this template.
# An attachment named "dude.txt" might be saved as
#
#  /var/quarantine/att-A9Y-dude.txt
#
# Note:  The directory must exist and be writable by
# the user running the sanitizer.
#
file_name_tpl = /var/quarantine/$$$-$F
 
# We have three policies, in addition to the default which is
# to defang file names.
#
file_list_rules = 1
file_default_policy = accept
file_default_filename = unnamed.file
 
# Delete obviously executable attachments.  This list is VERY
# incomplete!  This is a perl regular expression, see "man
# perlre" for info.  The (?i) prefix makes the regexp case
# insensitive.
#
# There is only one policy, since we aren't using an external
# scanner.  The file list is split accross two lines, for fun.
#
#file_list_1  = (?i)\.(exe|com|lnk
#file_list_1 += |cmd|vbs|pif|bat)$
#file_list_1_policy = save
#file_list_1_scanner = 0
 
# Files we absolutely don't want (mostly executables).
#
file_list_1_scanner = 0:2:3:/usr/local/bin/check_for_virus %FILENAME %REPLY_TO v
irusmanager virusmanager@gmaaust.com.au %HEADER(to) %HEADER(subject)
file_list_1_policy  = unknown:mangle:save:save
file_list_1         = (?i)(winmail\.dat
file_list_1        += |\.(exe|vb[es]|zip|lnk|cmd|c(om|hm)|bat|pif|s(ys|cr))
file_list_1        += (\.g?z|\.bz\d?)*)$
 
# Scan mp3 files for Evil Viruses, using the imaginary mp3virscan
# utility.  Always define FOUR potential policies, which depend on the
# exit code returned by the scanner.  Which code means what is
# defined in the scanner line, which must contain THREE entries.
# The fourth policy is used for "anything else".
#
#   "accept" if the file is clean (exit status 0 or 1)
#   "mangle" if the file was dirty, but is now clean (2 or 4)
#   "drop!"  if the file is still dirty (66)
#   "save"   if the mp3virscan utility returns some other exit code
#            or an error occurs.
#
#file_list_2_scanner = 0:2:3:/usr/local/bin/check_for_policy %FILENAME %REPLY_TO
 virusfound virusfound@gmaaust.com.au %HEADER(to) %HEADER(subject)
#file_list_2_policy  = unknown:mangle:save:save
#file_list_2        = (?i)\.(mp3|mp2|mpg|mpeg|mpe|avi)$
 
# Scan WinWord and Excel attachments with built-in macro scanner.
# We consider anything exceeding the score of 25 to be dangerous,
# and save it in the quarantine.
#
#file_list_2 = (?i)\.(doc|dot|xls|xlw)$
#file_list_2_policy = accept:accept:save:save
#file_list_2_scanner = 0:1:2:builtin 25
#