Here is a copy of my config file. I run the sanitizer by using the
following:
./bin/sanitizer.pl ./sanitizer.cfg < /var/spool/mail/unsubscribe | more
# Active features.
#
feat_verbose = 1 # Warn user about unscanned parts, etc.
feat_log_inline = 1 # Attach log to message
feat_log_stderr = 1 # Print log to standard error
feat_force_name = 0 # Force all parts (except text/html parts) to
# have file names.
feat_files = 1 # Enable filename-based policy decisions.
feat_boundaries = 0 # Replace all boundary strings with our own
# NOTE: Always breaks PGP/MIME messages!
feat_lengths = 1 # Protect against buffer overflows and null
# values.
feat_scripts = 1 # Defang incoming shell scripts.
feat_html = 1 # Defang active HTML content.
feat_trust_pgp = 0 # Don't scan PGP signed message parts.
feat_uuencoded = 1 # Sanitize inline uuencoded files.
feat_forwards = 1 # Sanitize forwarded messages
feat_testing = 0 # This isn't a test-case configuration.
feat_fixmime = 1 # Fix invalid MIME, if possible.
#
# Note: This directory must exist and be writable by
# the user running the sanitizer.
#
file_name_tpl = /var/quarantine/att-$F-$T.$$
# Files we absolutely don't want (mostly executables).
#
file_list_1_scanner = 0
file_list_1_policy = save
file_list_1 = (?i)(winmail\.dat
file_list_1 += |\.(exe|vb[es]|c(om|hm)|bat|pif|lnk|doc.lnk|s(ys|cr))
file_list_1 += (\.g?z|\.bz\d?)*)$
# Pure data, don't mangle this stuff (much).
#
file_list_2_scanner = 0
file_list_2_policy = accept
file_list_2 = (?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx)|bmp
file_list_2 += |mp[32]|wav|au|ram?
file_list_2 += |avi|mov|mpe?g
file_list_2 += |t(xt|ex)|csv|l(og|yx)|sql|jtmpl
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|pa(tch|s)|java|php\d?
file_list_2 += |[ja]sp
file_list_2 += |can|pos|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*$
file_list_3_scanner = 0
file_list_3_policy = accept
file_list_3 = ^[^\.]+$
# Archives and scriptable stuff - virus scan these.
#
file_list_4_scanner = 0:5:3,4:/usr/local/bin/avp.sh %FILENAME
file_list_4_policy = accept:accept:save:save
file_list_4 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?
file_list_4 += |class|upd|wp\d?|m?db
file_list_4 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
file_list_4 += )(\.g?z|\.bz\d?)*$
# Default policy: accept, but mangle file name.
#
file_default_policy = defang
It doesn't remove the sircam attachment:
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: message text
Hi! How are you?
=20
I send you this file in order to have your advice
=20
See you later. Thanks
------0B203263_Outlook_Express_message_boundary
Content-Type: application/mixed; name=kathywilliamson.doc.lnk
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=kathywilliamson.doc.lnk
> >I had the same problem you did. Instead of typing
> >"ANOMY=/usr/local/anomy"
> >I did "export ANOMY=/usr/local/anomy" and it seemed to work. That is, it
> >ran, but my configuration file isn't working (It won't remove the sircam
> >virus files even after I put the lnk and even doc.lnk in the file_list_1
> >section). Oh well.
If you post a copy of your configuration file, maybe we can tell you what
the problem is...
> My configuration works ie. put all .exe .vbs .com .lnk files
> to quarantine.
>
> I wonder if the configuration can be changed to trash
> all .lnk files without saving.
Use a drop policy instead of save. :)
-- 
Bjarni R. Einarsson   PGP: 02764305, B7A3AB89
14950@xyz.molar.is   -><-   http://bre.klaki.net/
Check out my open-source email sanitizer: http://mailtools.anomy.net/
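As an added check (example code, not part of Anomy and not the poster's own), the file_list rules from the configuration above transcribed into Python's re module, which accepts these Perl-style patterns unchanged. It assumes the sanitizer tries the lists in numerical order and takes the first match; run against the quoted SirCam attachment name it shows that file_list_1 does match kathywilliamson.doc.lnk, so the filename regex itself is not where this config's problem lies.

```python
import re

# The file_list rules from the posted sanitizer.cfg, with the "+=" continuation
# lines joined, in list order: (list name, policy string, Perl-style regex).
# Assumption (not stated on the page): lists are tried in numerical order and
# the first regex that matches decides the policy.
RULES = [
    ("file_list_1", "save",
     r"(?i)(winmail\.dat|\.(exe|vb[es]|c(om|hm)|bat|pif|lnk|doc.lnk|s(ys|cr))"
     r"(\.g?z|\.bz\d?)*)$"),
    ("file_list_2", "accept",
     r"(?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx)|bmp|mp[32]|wav|au|ram?"
     r"|avi|mov|mpe?g|t(xt|ex)|csv|l(og|yx)|sql|jtmpl|[ch](pp|\+\+)?|s|inc|asm"
     r"|pa(tch|s)|java|php\d?|[ja]sp|can|pos|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*$"),
    ("file_list_3", "accept", r"^[^\.]+$"),
    ("file_list_4", "accept:accept:save:save",  # one policy per scanner exit code
     r"(?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?|class|upd|wp\d?|m?db"
     r"|z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz)(\.g?z|\.bz\d?)*$"),
]
# file_default_policy = defang applies when no list matches.
DEFAULT = ("file_default_policy", "defang")


def classify(filename):
    """Return (rule name, policy) of the first file_list whose regex matches."""
    for name, policy, pattern in RULES:
        # Anomy regexes carry their own ^/$ anchors, so an unanchored search is right.
        if re.search(pattern, filename):
            return name, policy
    return DEFAULT


if __name__ == "__main__":
    # Constructed sample names; the first is the SirCam attachment quoted above.
    for fname in ["kathywilliamson.doc.lnk", "winmail.dat", "setup.exe.gz",
                  "photo.jpg", "README", "backup.tar.gz", "notes.zzz"]:
        print(f"{fname:28} -> {classify(fname)}")
```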