anomy-list

RE: Re: Problem after fresh install of anomy

From: Lazur, Eric (14862@xyz.molar.is)
Date: Thu 02 Aug 2001 - 13:08:44 UTC


    Here is a copy of my config file. I run the sanitizer by using the
    following:
    ./bin/sanitizer.pl ./sanitizer.cfg < /var/spool/mail/unsubscribe | more

    # Active features.
    #

    feat_verbose = 1 # Warn user about unscanned parts, etc.
    feat_log_inline = 1 # Attach log to message
    feat_log_stderr = 1 # Print log to standard error
    feat_force_name = 0 # Force all parts (except text/html parts) to
                        # have file names.
    feat_files = 1 # Enable filename-based policy decisions.
    feat_boundaries = 0 # Replace all boundary strings with our own
                        # NOTE: Always breaks PGP/MIME messages!
    feat_lengths = 1 # Protect against buffer overflows and null
                        # values.
    feat_scripts = 1 # Defang incoming shell scripts.
    feat_html = 1 # Defang active HTML content.
    feat_trust_pgp = 0 # Don't scan PGP signed message parts.
    feat_uuencoded = 1 # Sanitize inline uuencoded files.
    feat_forwards = 1 # Sanitize forwarded messages
    feat_testing = 0 # This isn't a test-case configuration.
    feat_fixmime = 1 # Fix invalid MIME, if possible.

    #
    # Note: This directory must exist and be writable by
    # the user running the sanitizer.
    #
    file_name_tpl = /var/quarantine/att-$F-$T.$$

    # Files we absolutely don't want (mostly executables).
    #
    file_list_1_scanner = 0
    file_list_1_policy = save
    file_list_1 = (?i)(winmail\.dat
    file_list_1 += |\.(exe|vb[es]|c(om|hm)|bat|pif|lnk|doc.lnk|s(ys|cr))
    file_list_1 += (\.g?z|\.bz\d?)*)$

    # Pure data, don't mangle this stuff (much).
    #
    file_list_2_scanner = 0
    file_list_2_policy = accept
    file_list_2 = (?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx)|bmp
    file_list_2 += |mp[32]|wav|au|ram?
    file_list_2 += |avi|mov|mpe?g
    file_list_2 += |t(xt|ex)|csv|l(og|yx)|sql|jtmpl
    file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|pa(tch|s)|java|php\d?
    file_list_2 += |[ja]sp
    file_list_2 += |can|pos|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*$

    file_list_3_scanner = 0
    file_list_3_policy = accept
    file_list_3 = ^[^\.]+$

    # Archives and scriptable stuff - virus scan these.
    #
    file_list_4_scanner = 0:5:3,4:/usr/local/bin/avp.sh %FILENAME
    file_list_4_policy = accept:accept:save:save
    file_list_4 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?
    file_list_4 += |class|upd|wp\d?|m?db
    file_list_4 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
    file_list_4 += )(\.g?z|\.bz\d?)*$

    # Default policy: accept, but mangle file name.
    #
    file_default_policy = defang

    It doesn't remove the sircam attachment:

    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: quoted-printable
    Content-Disposition: message text

    Hi! How are you?
    =20
    I send you this file in order to have your advice
    =20
    See you later. Thanks

    ------0B203263_Outlook_Express_message_boundary
    Content-Type: application/mixed; name=kathywilliamson.doc.lnk
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=kathywilliamson.doc.lnk

    > >I had the same problem you did. Instead of typing "ANOMY=/usr/local/anomy"
    > >I did "export ANOMY=/usr/local/anomy" and it seemed to work. That is, it
    > >ran, but my configuration file isn't working (It won't remove the sircam
    > >virus files even after I put the lnk and even doc.lnk in the file_list_1
    > >section). Oh well

    If you post a copy of your configuration file, maybe we can tell you what
    the problem is...

    > My configuration works ie. put all .exe .vbs .com .lnk files
    > to quarantine.
    >
    > I wonder if the configuration can be changed to trash
    > all .lnk files without saving.

    Use a drop policy instead of save. :)

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     14950@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/
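
One way to check the posted `file_list_N` patterns against the attachment name outside the sanitizer, as an added example that is not part of the original message or of Anomy's own code. It assumes the lists are tried in numeric order with the first match deciding the policy, and that each pattern is applied as an unanchored search; `classify` and `attachment_name` are hypothetical helper names, and the scanner settings are not modelled.

```python
import re
from email import message_from_string

# Patterns and policies copied from the posted sanitizer.cfg, with the "+="
# continuation lines joined. Scanner settings are not modelled here.
FILE_LISTS = [
    (1, "save",
     r"(?i)(winmail\.dat"
     r"|\.(exe|vb[es]|c(om|hm)|bat|pif|lnk|doc.lnk|s(ys|cr))"
     r"(\.g?z|\.bz\d?)*)$"),
    (2, "accept",
     r"(?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx)|bmp"
     r"|mp[32]|wav|au|ram?"
     r"|avi|mov|mpe?g"
     r"|t(xt|ex)|csv|l(og|yx)|sql|jtmpl"
     r"|[ch](pp|\+\+)?|s|inc|asm|pa(tch|s)|java|php\d?"
     r"|[ja]sp"
     r"|can|pos|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*$"),
    (3, "accept", r"^[^\.]+$"),
    (4, "accept:accept:save:save",
     r"(?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?"
     r"|class|upd|wp\d?|m?db"
     r"|z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz"
     r")(\.g?z|\.bz\d?)*$"),
]
DEFAULT_POLICY = "defang"  # file_default_policy

# MIME part headers of the attachment, as quoted in the message.
PART_HEADERS = (
    "Content-Type: application/mixed; name=kathywilliamson.doc.lnk\n"
    "Content-Transfer-Encoding: base64\n"
    "Content-Disposition: attachment; filename=kathywilliamson.doc.lnk\n\n"
)

def classify(filename):
    """Return (list_number, policy) of the first matching list (assumed order)."""
    for number, policy, pattern in FILE_LISTS:
        if re.search(pattern, filename):
            return number, policy
    return None, DEFAULT_POLICY

def attachment_name(headers):
    """Extract the declared file name from a part's headers."""
    return message_from_string(headers).get_filename()

if __name__ == "__main__":
    name = attachment_name(PART_HEADERS)
    print(name, classify(name))
    for sample in ("photo.JPG", "README", "report.zip", "notes.xyz"):  # constructed
        print(sample, classify(sample))
```

Under these assumptions the quoted attachment name falls into `file_list_1`, so this check separates a pattern that fails to match from a problem elsewhere in the setup.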


