anomy-list

Re: syntax for using with exit codes

From: Bjarni R. Einarsson (01890@xyz.molar.is)
Date: Wed 09 Aug 2000 - 20:17:59 UTC


On 2000-08-06, 21:03:36 (-0500), mark david mcCreary wrote:
> I am interested in using the email sanitizer with a Smartlist mailing list.
> Since Smartlist is built on Procmail, and the Anomy 1.20 release supports
> exit codes, this might be possible ?

Yup! :)

> I can get the sanitizer to be called, but it looks like it assigns
> VIRUS_CODE the entire email, instead of the exit code.

Yes, this is how procmail works.

> My understanding of exit codes in procmail, is that you can set an exit
> code, and that will terminate procmail and return to the MTA.
>
> So Procmail exit codes do not seem to apply here ?

Not exactly, unless you really want to terminate procmail.

> I want the Anomy sanitizer to return an exit code, indicating what sort of
> problems it found, if any. That is, an exit code if active HTML was mangled,
> a different exit code if an attachment file name was known to be a virus, etc.

At the moment, there are three possible exit codes. The normal code, 0,
is what is usually returned. The exit code of 1 can be returned if the
internal "bug score" passes a user-defined value, and the code 2 is
returned when the score passes the panic value (this code means the scanner
will exit prematurely).

Finer granularity on the codes isn't available yet, although in the future
that may change. When I implemented this it wasn't obvious to me how to let
the user define more codes in a sensible fashion: how should I deal with the
case when both problem A and problem B occur? A bit-wise approach would
work (A=1, B=2, C=4, ABC=7), but limit my options to reporting at most 7 or
8 different kinds of problems. I'm still thinking about this.

> What are my options in getting Anomy to scan mail prior to be sent to a
> Smartlist mailing list.

The following code should do what you wanted, that is add the "X-Diagnostic"
header to suspect messages. Actually rejecting them is obviously up to some
other ruleset...

# Sanitize the mail.
#
:0 fW
|/path/to/anomy/bin/sanitizer.pl /path/to/configuration

# Add a diagnostic header to messages which the sanitizer doesn't like.
#
:0 ef
| formail -A "X-Diagnostic: rejected because of suspect content"

The "e" flag to procmail makes it only execute the formail rule if the
sanitizer returns a non-zero exit code. Unfortunately, I haven't quite
figured out how to access the code itself from within procmail. Any tips
would be very welcome.

Note that the configuration file must set a threshold in the "score_bad"
variable. At the moment every "minor" incident adds 1 to the score,
suspicious stuff increments the score by 10, and really evil things such as
buffer overflow attempts increment it by 100. So IMHO a reasonable value
for "score_bad" in the real world is 100.

The "bad" state can also be explicitly triggered from within the filename
matching rules, by appending an exclamation mark (!) to the rule's policy.

I hope this helps!

-- 
Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 01890@xyz.molar.is               -><-            http://bre.klaki.net/

Netizens against spam: http://www.netverjar.is/baratta/ruslpostur/

-- This mailing list's home page is: http://mailtools.anomy.net/archives/anomy-list/ There you can find subscription instructions and possibly an archive. Molar.is is a free Icelandic mailing list service.
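The message above notes that procmail's "e" flag only tells you that the sanitizer failed, not which of the three exit codes (0, 1 or 2) it returned. The wrapper below is an added example, not code from the Anomy project or from the original posters: it runs the sanitizer as a filter, captures its exit code, and records it in an X-Sanitizer-Exit header so later procmail recipes can match on the value. The sanitizer path, the configuration path and the header name are assumptions; the exit-code meanings (0 normal, 1 score_bad exceeded, 2 panic with premature exit) are the ones described in the message. The fake_sanitizer function and the sample message are constructed stand-ins so the script runs offline.

```shell
#!/bin/sh
# Added example (not Anomy project code): run a sanitizer as a procmail
# filter, capture its exit code, and expose it as a mail header.
#
# Assumed procmail usage, replacing the direct sanitizer.pl call:
#   :0 fW
#   | /path/to/sanitize_with_code.sh /path/to/anomy/bin/sanitizer.pl /path/to/configuration
# A later recipe can then match on, e.g., ^X-Sanitizer-Exit: 2
# (all paths and the header name are hypothetical).
#
# The message is read from stdin; the sanitizer command and its arguments
# are the positional parameters.

sanitize_with_code() {
    in=$(mktemp) || return 1
    out=$(mktemp) || { rm -f "$in"; return 1; }
    cat > "$in"        # keep a copy of the original; stdin can only be read once

    # Run the sanitizer; capture the exit code without tripping 'set -e'.
    "$@" < "$in" > "$out" && rc=0 || rc=$?

    case $rc in
        0) diag="clean"; body=$out ;;
        1) diag="score exceeded score_bad"; body=$out ;;
        # Exit code 2 means the scanner quit early, so its output may be
        # truncated: pass on the untouched original, flagged, instead.
        2) diag="panic, sanitizer aborted"; body=$in ;;
        *) diag="unexpected sanitizer exit"; body=$in ;;
    esac

    # A header line placed first is still a valid header block.
    printf 'X-Sanitizer-Exit: %s (%s)\n' "$rc" "$diag"
    cat "$body"
    rm -f "$in" "$out"
    # Return 0 so procmail's W flag accepts the filtered output; the
    # sanitizer's code now travels in the header rather than the exit status.
    return 0
}

# Constructed stand-in for sanitizer.pl (demo/test only): copies the
# message through and exits with the code given as its first argument.
# For code 2 it emits only the first line, mimicking a premature exit.
fake_sanitizer() {
    if [ "$1" -eq 2 ]; then
        head -n 1
    else
        cat
    fi
    return "$1"
}

# Constructed sample message.
SAMPLE_MSG='From: sender@example.invalid
Subject: test

hello'

# Header line produced for a given fake exit code.
exit_header_for() {
    printf '%s\n' "$SAMPLE_MSG" | sanitize_with_code fake_sanitizer "$1" | sed -n '1p'
}

# Last line of the message passed on for a given fake exit code.
last_line_for() {
    printf '%s\n' "$SAMPLE_MSG" | sanitize_with_code fake_sanitizer "$1" | sed -n '$p'
}

# Number of lines passed on for a given fake exit code.
line_count_for() {
    printf '%s\n' "$SAMPLE_MSG" | sanitize_with_code fake_sanitizer "$1" | wc -l | tr -d ' '
}
```

Because the wrapper itself always exits 0, the ":0 ef" recipe from the message would no longer fire; instead, match the header in a following recipe (for example "* ^X-Sanitizer-Exit: [12]") to add the X-Diagnostic header or hand the message to a rejecting ruleset. The variables are plain shell globals, as POSIX sh has no "local".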