anomy-list

Sanitizer configuration tricks

From: Bjarni R. Einarsson (18048@xyz.molar.is)
Date: Thu 16 Aug 2001 - 10:44:40 UTC


    (I've sent a CC: of this reply to the mailing list, since the content might
     interest other people as well - thanks for the feedback.)

    On 2001-08-16, 11:54:07 (+0200), Robby wrote:
    > The things I found that were worse were:
    >
    > - Harder to add a list of file names like navidad.exe to block.
    > - Therefore harder to update the list automatically.

    This can be done by using a single rule for blocking, and then including
    a separate file containing only additions to the list, something like this:

    config1:

      feat_files = 1
      ...
      file_list_1_policy = drop
      file_list_1 = (?i)^(evil1.exe|evil2.exe
      /path/to/config2
      file_list_1 += )$
      ...

    config2:

      file_list_1 += |badfile2.exe
      file_list_1 += |badfile3.exe
      file_list_1 += |badfile4.exe
      ...

    Then you can automatically update config2 without touching config1.

    > - Winmail.dat mails cannot pass through the sanitizer successfully.

    I'm working on this - I actually have working code for sanitizing the
    contents of winmail.dat attachments, but I have yet to discuss with my
    employer whether I'm allowed to release it or not...

    > The reason I wanted to allow MSTNEF files through the sanitizer was because certain mailers were including everything (attachments + text) in that format. Therefore when the sanitizer was dropping the winmail.dats users were getting blank emails.
    >
    > But now when I tell Anomy to accept .dat files (don't mangle, drop, save, defang, etc) and winmail.dat files the users still get blank emails but when you look at the source you can see that the winmail.dat file is still in the message, the client (outlook) just doesn't recognise it any more.
    >
    > Have you come across this before?

    No, I haven't. Could you bounce a pristine copy of such a message to me,
    and a pristine copy of an un-sanitized winmail.dat message, so I can
    compare the two? The winmail.dat-related issues probably need quite a
    bit of work, since I have very few test cases to see if my code is
    actually doing The Right Thing(tm) or not.

    I'll also need a copy of your configuration file.

    (Please don't send them to the list though.)

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     18048@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/
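
Added example (not part of the original message and not Anomy's own code): one way to regenerate config2 automatically from a feed of file names, quoting each name so an entry such as `.*` cannot widen the drop rule, and replacing the file in one step. The function names and the feed are hypothetical; it assumes the `+=` syntax shown above and that the sanitizer passes backslash escapes through to a Perl-style regex unchanged.

```python
import os
import re
import tempfile

HEAD = "(?i)^(evil1.exe|evil2.exe"   # file_list_1 value from config1 in the post
TAIL = ")$"                           # appended by config1 after the include

def escape_name(name):
    """Quote a literal file name for a Perl-style regex (like quotemeta)."""
    if any(not 0x20 <= ord(c) <= 0x7E for c in name):
        raise ValueError(f"refusing non-printable or non-ASCII name: {name!r}")
    # \x20 keeps literal spaces out of the config value (assumption: the
    # config parser may not preserve them).
    return "".join(r"\x20" if c == " " else c if c.isalnum() or c == "_"
                   else "\\" + c for c in name)

def render_config2(names, rule="file_list_1"):
    """Return config2 text: one '<rule> += |<escaped name>' line per name."""
    seen, lines = set(), []
    for raw in names:
        name = raw.strip()
        if not name or name.lower() in seen:
            continue                  # blank entry, or duplicate under (?i)
        seen.add(name.lower())
        lines.append(f"{rule} += |{escape_name(name)}\n")
    return "".join(lines)

def assembled_pattern(config2_text):
    """Rebuild the combined regex for a pre-deploy check (Python re stands in
    for Perl here)."""
    parts = [line.split("+= ", 1)[1] for line in config2_text.splitlines()]
    return re.compile(HEAD + "".join(parts) + TAIL)

def write_atomically(path, text):
    """Replace config2 in one step so the sanitizer never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        os.fchmod(fd, 0o644)          # mkstemp creates 0600; the filter must read it
        with os.fdopen(fd, "w") as f:
            f.write(text)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    feed = ["badfile2.exe", "BADFILE2.EXE", ".*", "love letter.vbs", ""]  # constructed
    text = render_config2(feed)
    assert not assembled_pattern(text).match("report.doc")  # rule did not widen
    write_atomically("config2", text)
```

Running the check against a known-good name before `write_atomically` keeps a bad feed entry from turning the drop rule into one that matches every attachment.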


