anomy-list

Re: Behavior of default policy?

From: Bjarni R. Einarsson (06600@xyz.molar.is)
Date: Mið 13 Des 2000 - 11:45:57 UTC


On 2000-12-12, 17:58:21 (-0800), Jessie Bryan wrote:
> Hello,
>
> I used Bjarni's example for configuration
> http://www.molar.is/en/lists/anomy-list/2000-10/0002.shtml

I'm not sure, but there may have been a minor typo in the file I posted.
Send me a copy of your current sanitizer.cfg and I'll see if I can find
any problems with it.

> I am using this script by verbatim. I have /var/quaruntine dir created.
> and changed the line '/usr/local/bin/avp.sh' to /usr/local/bin/sophos.sh'
> which basically has: /usr/local/bin/sweep -ss -archive -di $1 && echo
> "Virus Scanner last ran at `date`" | mail jbryan@localhost

This won't work. If I understand you correctly, you want mail whenever
the virus scanner runs - this will only send you mail when the virus
scanner runs without finding a virus (a pretty boring occurance if you
ask me).

The following would be better:

  #!/bin/sh
  echo "Running virus scanner at `date`" | mail jbryan@localhost
  exec /usr/local/bin/sweep -ss -archive -di $1

Finally, you will need to update the exit code values in the
file_list_N_scanner line to match those returned by sophos.

file_list_4_scanner = 0:5:3,4:/usr/local/bin/avp.sh %FILENAME
file_list_4_policy = accept:save:save:save

Here the three sets of numbers, 0, 5 and 3,4 are exit codes which the
sanitizer checks for when the scanner finishes. If the scanner returns
a 0, the first policy (accept) is used, if it returns a 5 the second
policy, etc. The fourth policy is the one used whan an unexpected code
is returned. You need to update these numbers to match those returned
by sophos.

> and for some reason when I send a .exe file the defang default policy
> runs, instead of file_list_1_policy = save

This would be normal, if the sanitizer was running with the default (built
in) configuration. Could it be that that your sanitizer.cfg file isn't
being used for some reason?

> If I change the file_default_policy then all emails (even ones that SHOULD
> match predefined policies) will match that and use that action.

Have you tried it? :)

> Im wondering if I've totally missed something. Im running RH 6.2 i386 with
> perl 5.004_04 (ya it's old). Im wondering if my perl version is the reason
> why these policys arent working.

I don't think so, I've run the full set of test cases on a Solaris box
using perl 5.004_04 and it passed - policies were enforced, etc.

> Also, I don't really understand why it's bad to call an external anti
> virus program via global procmail. Were using sophos right now..

Who said that was a bad idea? :-) To me it sounds like a fine idea, as long
as your machine has the horsepower to do it. Just be sure to take care with
permissions etc - it might be a good idea to precede the sanitizer ruleset
with the DROPPRIVS=yes directive so it runs as the user instead of running
as root.

If you are misunderstanding (or me mis-expressing myself) the
documentation, please let me know which part, so I can try to clarify
it.

-- 
Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 06600@xyz.molar.is                -><-              http://bre.klaki.net/

Check out my open-source email sanitizer: http://mailtools.anomy.net/

-- This mailing list's home page is: http://mailtools.anomy.net/archives/anomy-list/ There you can find subscription instructions and possibly an archive. Molar.is is a free Icelandic mailing list service.



hosted by molar.is