On Fri, 2002-01-04 at 21:34, Bjarni R. Einarsson wrote:
> On 2002-01-04, 21:35:52 (+0000), Dave Cridland wrote:
> > On Fri, 2002-01-04 at 20:07, Bjarni R. Einarsson wrote:
> > > Revision 1.48: (January 04, 2002)
> >
> > Aw... Only just updated Sanifilter to use 1.45. More work... :-)
>
> Nah hardly any work... should be a drop-in replacement. The only
> exception is that you will probably want to remove the macro scanner
> from your code and use the module I created for it instead.

Done all that.

Also included the support for chrooting and changing uid/gid.

You'll need to have your quarantine directory, and your external
scanner(s), if any, usable from within the chroot jail, as the relevant
user. You'll also need to adjust your LMTP UNIX socket name, if you're
using that.

If you're filtering SMTP, then that's normally TCP/IP, which doesn't
need changing.

There's also an extra option for the permission you'd like to set on the
LMTP port clients should connect to.

All at http://www.btinternet.com/~davecridland/downloads/sanifilter.pl -
the same place as usual. I'm working on polishing off the documentation
for this bit, too.

A further bit of wishlist:

Passing HTML to "accept" makes the HTML get defanged. This seems
slightly counter-intuitive - shouldn't we pass HTML through a filter
(say, builtin/html-defanger) to achieve this?

Of course, we might want to pass it through both the HTML cleaner *and*
a virus scanner, and want to control the order - there's other handy
things we might also want to do here (change the format of images,
decompress certain files (Windows users may not have bzip2, for
instance, and the virus scanner may not understand it either), and other
fun toys).

So how about this: We allow multiple filters to match, and send files
through in sequence. So an "unnamed.html.gz" file may be passed through
"gunzip", which has the effect of decompressing it. We then pass the
resulting "unnamed.html" file through super-virus-scan, because it's an
HTML file now, and then finally through the HTML cleaner, because that's
safer than the virus scanners.

Of course, this might be possible to an extent already - I'm just
thinking aloud.

Dave.
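
The chained-filter idea from the message above, sketched as an added example (this is not Sanifilter or Anomy code): rules are tried in order, each filter may rename the file, and later rules match on the new name. Every name here (RULES, run_chain, the three filters, the size cap, the marker string) is hypothetical, and the scanner and defanger are toy stand-ins.

```python
import gzip
import io
import re

MAX_OUTPUT = 1 << 20  # assumption: 1 MiB cap on decompressed size

class Rejected(Exception):
    """A filter refused the attachment; the caller should quarantine it."""

def gunzip(name, data):
    # Bounded decompression, then drop ".gz" so later rules see the inner name.
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            out = fh.read(MAX_OUTPUT + 1)
    except (OSError, EOFError):
        raise Rejected("corrupt gzip data in " + name)
    if len(out) > MAX_OUTPUT:
        raise Rejected("decompressed size over limit in " + name)
    return name[:-3], out

def virus_scan(name, data):
    # Stand-in scanner: looks for a constructed marker, not a real signature.
    if b"CONSTRUCTED-TEST-SIGNATURE" in data:
        raise Rejected("scanner flagged " + name)
    return name, data

def html_defang(name, data):
    # Toy defanger: neutralise script tags and on* event attributes.
    data = re.sub(rb"(?i)<(/?)script", rb"<\1DEFANGED_script", data)
    data = re.sub(rb"(?i)\bon(\w+\s*=)", rb"DEFANGED_on\1", data)
    return name, data

# Order is the policy: decompress, then scan, then clean.
RULES = [
    (re.compile(r"\.gz$", re.I), gunzip),
    (re.compile(r"\.html?$", re.I), virus_scan),
    (re.compile(r"\.html?$", re.I), html_defang),
]

def run_chain(name, data):
    """Apply every matching rule in order, matching on the current name."""
    applied = []
    for pattern, flt in RULES:
        if pattern.search(name):
            name, data = flt(name, data)
            applied.append(flt.__name__)
    return name, data, applied

# Constructed sample attachment.
SAMPLE = gzip.compress(b"<html><script>x()</script><body onload=x()>hi</body></html>")
```

A single pass over the rule list bounds the work per attachment; a doubly compressed file would need the decompression rule listed twice or an explicit, capped re-run.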