anomy-bugs

Help Please

From: Clive Smart (21397@xyz.molar.is)
Date: Sat 15 Feb 2003 - 00:19:34 GMT


Hi there

I do not find anything in the change log about this:

Architecture: Intel PIII-500Mhz
Operating System: Redhat 7.2
Perl Version: revision 5.0 version 6 subversion 1
anomy.conf
# Example configuration file for Anomy Sanitizer
#
# From http://advosys.ca/papers/postfix-filtering.html
# Advosys Consulting Inc., Ottawa
#
# Works with Anomy Sanitizer revision 1.49

# Do not log to STDERR:
feat_log_stderr = 0

# Don't insert log in the message itself:
feat_log_inline = 0

# Advertisement to insert in each mail header:
header_info = X-Sanitizer: Advosys mail filter
header_url = 0
header_rev = 0

# Enable filename based policy decisions:
feat_files = 1

# Protect against buffer overflows and null values:
feat_lengths = 1

# Replace MIME boundaries with our own:
feat_boundaries = 1

# Fix invalid and ambiguous MIME boundaries, if possible:
feat_fixmime = 1

# Trust signed and/or encrypted messages:
feat_trust_pgp = 1
msg_pgp_warning = WARNING: Unsanitized content follows.\n

# Defang shell scripts:
feat_scripts = 0

# Defang active HTML:
feat_html = 1

# Defang UUEncoded files:
feat_uuencoded = 0

# Sanitize forwarded content too:
feat_forwards = 1

# Testing? Set to 1 for testing, 0 for production:
feat_testing = 0

# # Warn user about unscanned parts, etc.
feat_verbose = 1

# Force all parts (except text/html parts) to
# have file names.
feat_force_name = 1

# Disable web bugs:
feat_webbugs = 1

# Disable "score" based mail discarding:
score_panic = 0
score_bad = 0

msg_file_drop = \n*****\n
msg_file_drop += NOTE: An attachment named %FILENAME was deleted from
msg_file_drop += this message because it contained a windows executable
msg_file_drop += or other potentially dangerous file type.
msg_file_drop += Contact the system administrator for more information.

##
## File attachment name mangling rules:
##

# Specify the Anomy temp file and quarantine directory
file_name_tpl = /var/spool/filter/att-$F-$T.$$

# Number of rulesets we are defining:
file_list_rules = 2
file_default_policy = defang

# Delete probably nasty attachments:
file_list_1 = (?i)(winmail.dat)|
file_list_1 +=
(\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
file_list_1_policy = drop
file_list_1_scanner = 0

# Allow known "safe" file types and those that will be
# scanned by the user's desktop virus scanner:
file_list_2 = (?i)\.
# Word processor and document formats:
file_list_2 += (doc|dot|txt|rtf|pdf|ps|htm|[sp]?html?
# Spreadsheets:
file_list_2 += |xls|xlw|xlt|csv|wk[1-4]
# Presentation applications:
file_list_2 += |ppt|pps|pot
# Bitmap graphic files:
file_list_2 += |jpe?g|gif|png|tiff?|bmp|psd|pcx
# Vector graphics and diagramming:
file_list_2 += |vsd|drw|cdr|swf
# Multimedia:
file_list_2 += |mp3|avi|mpe?g|mov|ram?|mid|ogg
# Archives:
file_list_2 += |zip|g?z|rar|tgz|bz2|tar
# Source code:
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
file_list_2_policy = accept
file_list_2_scanner = 0

# Any file type not listed above gets renamed to prevent
# ms outlook from auto-executing it.
==============================================================================
cat sanitizer.appledouble.diff
14c14
< Content-Type: multipart/mixed;
boundary="MIMEStream=_0+138712_1497409556135_97549031856"

---
 > Content-Type: multipart/mixed; 
boundary="MIMEStream=_0+274787_2257587262559_06971886174"
17c17
< --MIMEStream=_0+138712_1497409556135_97549031856
---
 > --MIMEStream=_0+274787_2257587262559_06971886174
23,24c23,24
< --MIMEStream=_0+138712_1497409556135_97549031856
< Content-Type: multipart/appledouble; x-mac-creator="5068466C"; 
x-mac-type="4A504547"; 
boundary="MIMEStream=_1+257041_4995826329745_54296801793"
---
 > --MIMEStream=_0+274787_2257587262559_06971886174
 > Content-Type: multipart/appledouble; x-mac-creator="5068466C"; 
x-mac-type="4A504547"; 
boundary="MIMEStream=_1+40131_10950310791916_78641180746"
28c28
< --MIMEStream=_1+257041_4995826329745_54296801793
---
 > --MIMEStream=_1+40131_10950310791916_78641180746
46c46
< --MIMEStream=_1+257041_4995826329745_54296801793
---
 > --MIMEStream=_1+40131_10950310791916_78641180746
61,62c61,62
< --MIMEStream=_1+257041_4995826329745_54296801793--
< --MIMEStream=_0+138712_1497409556135_97549031856--
---
 > --MIMEStream=_1+40131_10950310791916_78641180746--
 > --MIMEStream=_0+274787_2257587262559_06971886174--
==============================================================================
cat sanitizer.appledouble.log
<Sanitizer start="1045267929">
   <replaced-boundary id="218491" 
new="MIMEStream=_0+138712_1497409556135_97549031856" 
old="=ABACAB:=_0006@@UtD0uere5ZCIrVlOp0vV">Replaced MIME boundary: 
&gt;&gt;%old%&lt;&lt;&nl;                  with: 
&gt;&gt;%new%&lt;&lt;</replaced-boundary>
   <Part pos="784">
     <SanitizeFile filename="unnamed.txt" mimetype="text/plain">
       <Match rule="2">
         <policy name="accept">Enforced policy: %name%</policy>
       </Match>
     </SanitizeFile>
   </Part>
   <Part pos="892">
     <replaced-boundary id="218492" 
new="MIMEStream=_1+257041_4995826329745_54296801793" 
old="=ABACAB:=_0005@@P6505M9FyrTJqS3QJpeU">Replaced MIME boundary: 
&gt;&gt;%old%&lt;&lt;&nl;                  with: 
&gt;&gt;%new%&lt;&lt;</replaced-boundary>
     <Part pos="235">
       <SanitizeFile filename="unnamed.txt" 
mimetype="application/applefile">
         <default_name default="unnamed.txt">No attachment name found, 
using default (%default%).</default_name>
         <Match rule="2">
           <policy name="accept">Enforced policy: %name%</policy>
         </Match>
       </SanitizeFile>
     </Part>
     <Part pos="1274">
       <SanitizeFile filename="20802160428.jpg" 
mimetype="application/octet-stream">
         <Match rule="2">
           <policy name="accept">Enforced policy: %name%</policy>
         </Match>
       </SanitizeFile>
     </Part>
   </Part>
</Sanitizer>
<modifications base="218491" end="218493" total="2">Total modifications 
so far: %total%</modifications>
==============================================================================
cat sanitizer.appledouble.ok
 From 21486@xyz.molar.is  Thu Aug  3 07:32:10 2000
Return-Path: <21486@xyz.molar.is>
Received: from example.com (21521@xyz.molar.is [149.144.245.5])
         by example.com (8.9.3/8.9.3) with ESMTP id HAA01305
         for <21557@xyz.molar.is>; Thu, 3 Aug 2000 07:32:03 GMT
From: 21486@xyz.molar.is
Date: Thu, 3 Aug 2000 06:39:59 GMT
Message-Id: <21592@xyz.molar.is>
Sender: 21486@xyz.molar.is
To: 21645@xyz.molar.is
Subject: Clean multipart/mixed test case with a very very very very very 
very very very very very very very very very very very very very very 
very very very very very very very very very very very very very very 
very very very long harmless subject.
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: multipart/mixed; 
boundary="MIMEStream=_0+274787_2257587262559_06971886174"

--MIMEStream=_0+274787_2257587262559_06971886174 Content-Type: text/plain Content-Transfer-Encoding: 8bit

blah blah

--MIMEStream=_0+274787_2257587262559_06971886174 Content-Type: multipart/appledouble; x-mac-creator="5068466C"; x-mac-type="4A504547"; boundary="MIMEStream=_1+40131_10950310791916_78641180746" Content-Disposition: attachment; filename="20802160428.jpg"

--MIMEStream=_1+40131_10950310791916_78641180746 Content-Type: application/applefile; x-mac-creator="5068466C"; x-mac-type="4A504547"; name="unnamed.txt" Content-Transfer-Encoding: base64 Content-Disposition: attachment

AAUWBwACAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAJAAAAPgAAACAAAAADAAAAXgAA AA8AAAACAAAAbQAAH35KUEVHUGhGbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIw 6gVnJK8bZBOD1Fak9o9rKxGSuaqTWxYb41+Xvz0rupyja3Q9KlKHLZbD7e5dJVJO Rmumt1V48H5t44Fc1YWMt3KkMalnJ4A/XPpgc57VV17xxJp8b2Xh2aGeVMK2ohC6 qwPIiUjB6ffIOedoGAx9XLeHsZndb2eFVkvik9l/m/JHz+e5nhcugpVZavZLdm/P awabBJJqNxDZQN8yNO2C49VQAsw5/hBrBufE/h6CZmikvrxgcgR26pHJ7h2bcB6E p+FcXNcz3aNPetLJPKctM7bizY6knBJ9c/ypTGiErKoIxjep7/UDmv17A8AZZh4/ 7S5VZetl8kv1bPzPFcaZhOT9ilBfe/x0/A65PGen+VJcHQL5ooSolcXqsqZPBP7k Y/E1s2vjHw9clEM91auy53XFv+7U+mUZmP8A3z+VecpbqxBQfLkEHbnac9+P881I lvskBb+HkHqDj6/SvQxHBORV429jy+jkv1a/A8yPFmaRd5VOb1S/Sx6yn7y2NzA8 dzbk4E0Lh0HTAOPunkcNg89KoSu2RnOK4zT7m5splurKaSGdcBXQkZ56HjkHHIPB rqtM1qPXiLOeOK01DbtRh8kdw/8Ad54Rz2/hPT5cAH85zrgKvgouvgZOpFbxfxL0 6P8AB+p9hkvGOHxVRUcVHkk+v2X/AJFlpRHFvXBPaqUtw86hpOccdO1KztEWikR4 --MIMEStream=_1+40131_10950310791916_78641180746 Content-Type: application/octet-stream; x-mac-creator="5068466C"; x-mac-type="4A504547" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="20802160428.jpg"

/9j/4AAQSkZJRgABAQEASABIAAD//gAsQ29tcHJlc3Npb24gYnkgU3Rvcm0gVGVj aG5vbG9neagsIEluYy42Nk5x/+4ADkFkb2JlAGWAAAAAAf/tABBTdG9ybQABAAEB AEgASP/bAIQABQMEBAQDBQQEBAYFBQYIDQgIBwcIEAsMCQ0TERQUExESEhUYHhoV Fh0XEhIaJBsdHyAiIiIUGSUoJSEoHiEiIQEFBgYIBwgPCAgPIRYSFiEhISEhISEh ISEhISEhISEhISEhISEhISEhISEhISEhISEhISEhISEhISEhISEhISEh/8AAEQgB 4AJzAwEiAAIRAQMRAf/EAaIAAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKCxAA AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAk M2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlq c3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXG x8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6AQADAQEBAQEBAQEBAAAA --MIMEStream=_1+40131_10950310791916_78641180746-- --MIMEStream=_0+274787_2257587262559_06971886174-- *** Exit code was 0 *** ============================================================================== cat sanitizer.appledouble.out From 21486@xyz.molar.is Thu Aug 3 07:32:10 2000 Return-Path: <21486@xyz.molar.is> Received: from example.com (21521@xyz.molar.is [149.144.245.5]) by example.com (8.9.3/8.9.3) with ESMTP id HAA01305 for <21557@xyz.molar.is>; Thu, 3 Aug 2000 07:32:03 GMT From: 21486@xyz.molar.is Date: Thu, 3 Aug 2000 06:39:59 GMT Message-Id: <21592@xyz.molar.is> Sender: 21486@xyz.molar.is To: 21645@xyz.molar.is Subject: Clean multipart/mixed test case with a very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very long harmless subject. X-Sanitizer: Advosys mail filter MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="MIMEStream=_0+138712_1497409556135_97549031856"

--MIMEStream=_0+138712_1497409556135_97549031856 Content-Type: text/plain Content-Transfer-Encoding: 8bit

blah blah

--MIMEStream=_0+138712_1497409556135_97549031856 Content-Type: multipart/appledouble; x-mac-creator="5068466C"; x-mac-type="4A504547"; boundary="MIMEStream=_1+257041_4995826329745_54296801793" Content-Disposition: attachment; filename="20802160428.jpg"

--MIMEStream=_1+257041_4995826329745_54296801793 Content-Type: application/applefile; x-mac-creator="5068466C"; x-mac-type="4A504547"; name="unnamed.txt" Content-Transfer-Encoding: base64 Content-Disposition: attachment

AAUWBwACAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAJAAAAPgAAACAAAAADAAAAXgAA AA8AAAACAAAAbQAAH35KUEVHUGhGbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIw 6gVnJK8bZBOD1Fak9o9rKxGSuaqTWxYb41+Xvz0rupyja3Q9KlKHLZbD7e5dJVJO Rmumt1V48H5t44Fc1YWMt3KkMalnJ4A/XPpgc57VV17xxJp8b2Xh2aGeVMK2ohC6 qwPIiUjB6ffIOedoGAx9XLeHsZndb2eFVkvik9l/m/JHz+e5nhcugpVZavZLdm/P awabBJJqNxDZQN8yNO2C49VQAsw5/hBrBufE/h6CZmikvrxgcgR26pHJ7h2bcB6E p+FcXNcz3aNPetLJPKctM7bizY6knBJ9c/ypTGiErKoIxjep7/UDmv17A8AZZh4/ 7S5VZetl8kv1bPzPFcaZhOT9ilBfe/x0/A65PGen+VJcHQL5ooSolcXqsqZPBP7k Y/E1s2vjHw9clEM91auy53XFv+7U+mUZmP8A3z+VecpbqxBQfLkEHbnac9+P881I lvskBb+HkHqDj6/SvQxHBORV429jy+jkv1a/A8yPFmaRd5VOb1S/Sx6yn7y2NzA8 dzbk4E0Lh0HTAOPunkcNg89KoSu2RnOK4zT7m5splurKaSGdcBXQkZ56HjkHHIPB rqtM1qPXiLOeOK01DbtRh8kdw/8Ad54Rz2/hPT5cAH85zrgKvgouvgZOpFbxfxL0 6P8AB+p9hkvGOHxVRUcVHkk+v2X/AJFlpRHFvXBPaqUtw86hpOccdO1KztEWikR4 --MIMEStream=_1+257041_4995826329745_54296801793 Content-Type: application/octet-stream; x-mac-creator="5068466C"; x-mac-type="4A504547" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="20802160428.jpg"

/9j/4AAQSkZJRgABAQEASABIAAD//gAsQ29tcHJlc3Npb24gYnkgU3Rvcm0gVGVj aG5vbG9neagsIEluYy42Nk5x/+4ADkFkb2JlAGWAAAAAAf/tABBTdG9ybQABAAEB AEgASP/bAIQABQMEBAQDBQQEBAYFBQYIDQgIBwcIEAsMCQ0TERQUExESEhUYHhoV Fh0XEhIaJBsdHyAiIiIUGSUoJSEoHiEiIQEFBgYIBwgPCAgPIRYSFiEhISEhISEh ISEhISEhISEhISEhISEhISEhISEhISEhISEhISEhISEhISEhISEhISEh/8AAEQgB 4AJzAwEiAAIRAQMRAf/EAaIAAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKCxAA AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAk M2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlq c3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXG x8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6AQADAQEBAQEBAQEBAAAA --MIMEStream=_1+257041_4995826329745_54296801793-- --MIMEStream=_0+138712_1497409556135_97549031856-- *** Exit code was 0 ***



hosted by molar.is