anomy-list

Re: Behavior of default policy?

From: Jessie Bryan (07332@xyz.molar.is)
Date: Mið 13 Des 2000 - 20:15:40 UTC


Here is my updated cfg file.
Note: The file_default_policy is still being applied to ALL attachments,
whatever the default is set to. My understanding of the default is that, if
the file extension does not match any of the defined policies above, the
default rule is applied, in this case, defang. With several email attachments
sent for testing, every single file was defanged, instead of saved, accepted
or dropped. I think the predefined policies are being completely ignored.
Do I need to modify the sanitizer.pl file in any way?

-Jes

##############################################################################

# Active features.
#
# Each feat_* switch below is set to 0 or 1. feat_files is 1, so the
# file_list_* rules further down are the part of this config under test.
# NOTE(review): feat_html and feat_scripts are both 0; presumably that leaves
# HTML bodies and embedded scripts unfiltered - confirm this is intended.
feat_boundaries = 0
feat_files = 1
feat_forwards = 1
feat_html = 0
feat_lengths = 1
feat_log_inline = 1
feat_log_stderr = 0
feat_scripts = 0
feat_trust_pgp = 0
feat_uuencoded = 1
feat_verbose = 0
# Template for the path of attachments handled with the "save" policy.
# NOTE(review): everything saved lands under /var/quarantine; that directory
# should be writable only by the sanitizer's user, and nothing in it should be
# executed or served - verify ownership and mode on the mail server.
file_name_tpl = /var/quarantine/att-$F-$T.$$
# Set to 4, matching the four file_list_N rule sets defined below.
file_list_rules = 4

msg_defanged = RENAMED

# Files we absolutely don't want.
#
# Names ending in one of the listed Windows executable/script extensions get
# the "save" policy (see msg_file_save for the notice text used for it).
# NOTE(review): the trailing "*" lets the extension group repeat zero or more
# times, so this pattern also matches a name that ends in a bare "."; a plain
# "(...)$" would require exactly one listed extension - confirm which is meant.
# NOTE(review): extensions such as com, lnk and js are not listed here or in
# any later rule, so they are handled by file_default_policy rather than this
# rule - confirm that is acceptable.
file_list_1_scanner = 0
file_list_1_policy = save
file_list_1 = (?i)\.(pif|scr|dll|vbx|exe|vb[es]|bat|sys)*$

# Pure data, don't mangle this stuff (much).
#
# One case-insensitive pattern built up over several "+=" lines: a listed
# extension, optionally followed by .gz/.z/.bz/.bzN suffixes, gets "accept".
# NOTE(review): this list is wider than "pure data". It includes reg (Windows
# registry import files), server-side script sources (php, asp, jsp), and any
# all-digit extension (\d+). Anything matched here is accepted without a virus
# scan, so confirm each of these really belongs on the accept list.
file_list_2_scanner = 0
file_list_2_policy = accept
file_list_2 = (?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx)|bmp
file_list_2 += |mp[32]|wav|au|ram?
file_list_2 += |avi|mov|mpe?g
file_list_2 += |t(xt|ex)|csv|l(og|yx)|sql|jtmpl
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|pa(tch|s)|java|php\d?
file_list_2 += |[ja]sp
file_list_2 += |can|pos|fdps|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*$

# Names that contain no "." at all (no extension) get the "accept" policy.
# NOTE(review): such attachments are accepted on the name alone, with no
# external scanner involved - confirm that is the intended handling.
file_list_3_scanner = 0
file_list_3_policy = accept
file_list_3 = ^[^\.]+$

# Archives and scriptable stuff - virus scan these.
#
# The scanner line names exit statuses 0 and 3 and then the command to run;
# the policy line presumably pairs with them in order (0 -> accept, 3 -> save).
# NOTE(review): no policy is listed for any other exit status (for example a
# scanner error or a missing script). Confirm what the sanitizer does in that
# case and prefer an explicit fail-closed entry over relying on a default.
# NOTE(review): unlike file_list_1 and file_list_2, this pattern has no (?i).
# If matching is case-sensitive, names such as REPORT.DOC or DATA.ZIP would
# not match here and would fall through to file_default_policy instead of
# being scanned - confirm, and add (?i) if so.
file_list_4_scanner = 0:3:/usr/local/bin/sophos.sh %FILENAME
file_list_4_policy = accept:save
file_list_4 = \.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?|class|upd|wp\d?|m?db
file_list_4 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
file_list_4 += )(\.g?z|\.bz\d?)*$

# Default policy: accept, but mangle file name.
#
# Intended to apply only to attachments whose names match none of the four
# file_list_N patterns above. Defanging as the fallback keeps unlisted file
# types from being delivered under their original, directly openable name.
file_default_policy = defang

# Messages
#
# msg_file_save is the notice text for attachments handled with the "save"
# policy, built up line by line with "+=". %SAVEDNAME and %FILENAME are
# placeholders for the quarantine file name and the original attachment name.
# NOTE(review): the notice shows the recipient the quarantine file name on the
# mail server - confirm that exposing it is acceptable.
msg_file_save = ****\n
msg_file_save += NOTE: An attachment was deleted from this part of the message,\n
msg_file_save += because it failed one or more checks by the virus scanning system.\n
msg_file_save += The file has been quarantined on the mail server, with the following\n
msg_file_save += file name:\n
msg_file_save += \n
msg_file_save += \t%SAVEDNAME\n
msg_file_save += \n
msg_file_save += The removed attachment's original name was:\n
msg_file_save += \n
msg_file_save += \t%FILENAME\n
msg_file_save += \n
msg_file_save += It is recommended that you contact your system administrator if you\n
msg_file_save += need access to the file. Please note that this may not mean the file\n
msg_file_save += was infected, it may just have had a black-listed file name.\n
msg_file_save += ****\n

# Notify Users their email was stripped
# msg_log_prefix is the text placed ahead of the inline sanitizer log
# (feat_log_inline is enabled above).
msg_log_prefix = This message has been sanitized from\n
msg_log_prefix += email attachments. Stuff\n
msg_log_prefix += may have been altered - the following\n
msg_log_prefix += log explains what was done and why.\n
#

-----------------------------------------------------
 Jessie Bryan
 Systems Engineer | Data Communications
 NetLojix Communications, Inc. NASDAQ: NETX
 e - 07332@xyz.molar.is
 v - 805.884.6317
 f - 805.884.6311
 w - www.netlojix.com
-----------------------------------------------------
 
