(I've sent a CC: of this reply to the mailing list, since the content might
interest other people as well - thanks for the feedback.)
On 2001-08-16, 11:54:07 (+0200), Robby wrote:
> The things I found that were worse were:
> - Harder to add a list of file names like navidad.exe to block.
> - Therefor harder to update the list automatically.
This can be done by using a single rule for blocking, and then including
a seperate file containing only additions to the list, something like this:
feat_files = 1
file_list_1_policy = drop
file_list_1 = (?i)^(evil1.exe|evil2.exe
file_list_1 += )$
file_list_1 += |badfile2.exe
file_list_1 += |badfile3.exe
file_list_1 += |badfile4.exe
Then you can automatically update config2 without touching config1.
> - Winmail.dat mails cannot pass through the sanitizer successfully.
I'm working on this - I actually have working code for sanitizing the
contents of winmail.dat attachments, but I have yet to discuss with my
employer whether I'm allowed to release it or not...
> The reason I wanted to allow MSTNEF files though the sanitizer was because certain mailers were including everything(attachments + text) in that format. Therefor when the sanitizer was dropping the winmail.dats users were getting blank emails.
> But now when I tell Anomy to accept .dat files (don't mangle, drop, save, defang, etc) and winmail.dat files the users still get blank emails but when you look at the source you can see that the winmail.dat file is still in the message, the client (outlook) just doesn't recognise it any more.
> Have you come accross this before?
No, I haven't. Could you bounce a pristine copy of such a message to me,
and a pristine copy of an un-sanitized winmail.dat message, so I can
compare the two? The winmail.dat-related issues probably need quite a
bit of work, since I have very few test cases to see if my code is
actually doing The Right Thing(tm) or not.
I'll also need a copy of your configuration file.
(Please don't send them to the list though.)
-- Bjarni R. Einarsson PGP: 02764305, B7A3AB89 email@example.com -><- http://bre.klaki.net/
Check out my open-source email sanitizer: http://mailtools.anomy.net/