anomy-list

Word Macros fail to process with new 1.44 was OK in 1.43

From: Peter Williams (24005@xyz.molar.is)
Date: Mon 15 Oct 2001 - 04:23:05 UTC


    G'Day,

    I've sent this to the bugs but I don't get any responses so I'll send it
    here too.

    Regards

    Peter

    Intel SCO Openserver 5.0.6

    CFG file

    ------------------------------------------------------
    feat_verbose = 1 # Warn user about unscanned parts, etc.
    feat_log_inline = 1 # Attach log to message
    feat_log_stderr = 1 # Print log to standard error
    feat_force_name = 0 # Force all parts (except text/html parts) to
                        # have file names.
    feat_files = 1 # Enable filename-based policy decisions.
    feat_boundaries = 0 # Replace all boundary strings with our own
                        # NOTE: Always breaks PGP/MIME messages!
    feat_lengths = 1 # Protect against buffer overflows and null
                        # values.
    feat_scripts = 1 # Defang incoming shell scripts.
    feat_html = 1 # Defang active HTML content.
    feat_trust_pgp = 0 # Don't scan PGP signed message parts.
    feat_uuencoded = 1 # Sanitize inline uuencoded files.
    feat_forwards = 1 # Sanitize forwarded messages
    feat_testing = 0 # This isn't a test-case configuration.
    feat_fixmime = 1 # Fix invalid MIME, if possible.
    score_bad = 100 # Any message exceeding this value will cause
                        # the sanitizer to return a non-zero exit
                        # code after processing the entire message.

    score_panic = 0 # If the sanitizer's internal score exceeds
                        # this value, the sanitizer will terminate
                        # immediately with a non-zero exit code.
                        # Setting to 0 disables this feature.
    file_name_tpl = /var/quarantine/$$$-$F

    file_list_rules = 1
    file_default_policy = accept
    file_default_filename = unnamed.file

    file_list_1_scanner = 0:2:3:/usr/local/bin/check_for_virus %FILENAME
    file_list_1_policy = unknown:mangle:save:save
    file_list_1 = (?i)(winmail\.dat
    file_list_1 += |\.(exe|vb[es]|zip|lnk|cmd|c(om|hm)|bat|pif|s(ys|cr))
    file_list_1 += (\.g?z|\.bz\d?)*)$

    file_list_2 = (?i)\.(doc|dot|xls|xlw)$
    file_list_2_policy = accept:accept:save:save
    file_list_2_scanner = 0:1:2:builtin 25

    ------------------------------------------------------

    Log data follows
    > -----Original Message-----
    > From: Gavin Millman & Associates (Aust) Pty Ltd
    > [mailto:24096@xyz.molar.is]
    > Sent: Friday, October 12, 2001 3:10 PM
    > To: 24005@xyz.molar.is
    > Subject: Test
    >
    >
    >
    > ****
    > NOTE: An attachment was deleted from this part of the message,
    > because it failed one or more checks by the virus scanning system.
    > The file has been quarantined on the mail server, with the following
    > file name:
    >
    > 2XY-2001_M.doc
    >
    > The removed attachment's original name was:
    >
    > 2001_M.doc
    >
    > It is recommended that you contact your system administrator if you
    > need access to the file. It might also be a good idea to contact the
    > sender, and warn them that their system may be infected.
    > ****
    >
    > --
    > This message has been 'sanitized'. This means that potentially
    > dangerous content has been rewritten or removed. The following
    > log describes which actions were taken.
    >
    > Sanitizer (start="1002863422"):
    > SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
    > Match (rule="default"):
    > Enforced policy: accept
    >
    > Part (pos="497"):
    > SanitizeFile (filename="2001_M.doc",
    > mimetype="INLINE/application/octet-stream"):
    > Match (rule="2"):
    > ScanFile (file="/var/quarantine/2XY-2001_M.doc"):
    > Unknown exit code: -9999
    >
    > Enforced policy: save
    >
    > Replaced mime type with: text/plain
    > Replaced file name with: DEFANGED-376.txt
    >
    > Total modifications so far: 1
    >
    >
    > Anomy 0.0.0 : Sanitizer.pm
    > $Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15 bre Exp $
    >
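
The rule that fired in the log above, worked through as an added example (not part of the original post and not Anomy's own code). It assumes the three colon-separated exit-code lists in file_list_N_scanner select the first three file_list_N_policy entries and that any other exit code takes the fourth, which is consistent with the logged "Unknown exit code: -9999" followed by "Enforced policy: save". The helper names parse and resolve are hypothetical.

```python
import re

# Constructed input: the file rules from the posted configuration, verbatim.
CONFIG = r"""
file_default_policy = accept
file_list_1_scanner = 0:2:3:/usr/local/bin/check_for_virus %FILENAME
file_list_1_policy = unknown:mangle:save:save
file_list_1 = (?i)(winmail\.dat
file_list_1 += |\.(exe|vb[es]|zip|lnk|cmd|c(om|hm)|bat|pif|s(ys|cr))
file_list_1 += (\.g?z|\.bz\d?)*)$
file_list_2 = (?i)\.(doc|dot|xls|xlw)$
file_list_2_policy = accept:accept:save:save
file_list_2_scanner = 0:1:2:builtin 25
"""

def parse(text):
    """Collect key/value pairs; '+=' appends to the earlier value."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*(\+?=)\s*(.*?)\s*$", line)
        if m:
            key, op, val = m.groups()
            conf[key] = conf.get(key, "") + val if op == "+=" else val
    return conf

def resolve(conf, filename, exit_code):
    """Return (rule, policy, exit_code_was_listed) for one attachment."""
    n = 1
    while f"file_list_{n}" in conf:
        if re.search(conf[f"file_list_{n}"], filename):
            policies = conf[f"file_list_{n}_policy"].split(":")
            # First three fields are exit-code lists, the rest is the command.
            code_lists = conf[f"file_list_{n}_scanner"].split(":", 3)[:3]
            for policy, codes in zip(policies, code_lists):
                if str(exit_code) in codes.split(","):
                    return n, policy, True
            # Assumption: unlisted exit codes take the fourth policy slot.
            return n, policies[3], False
        n += 1
    return None, conf["file_default_policy"], True

if __name__ == "__main__":
    conf = parse(CONFIG)
    for code in (0, 1, 2, -9999):
        print(code, resolve(conf, "2001_M.doc", code))
```

Under that reading, rule 2 quarantines a .doc whenever the scanner returns anything other than 0 or 1, so a scanner that fails to run produces the same "save" outcome as a detection.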


