On Fri, 2002-01-04 at 21:34, Bjarni R. Einarsson wrote:
> On 2002-01-04, 21:35:52 (+0000), Dave Cridland wrote:
> > On Fri, 2002-01-04 at 20:07, Bjarni R. Einarsson wrote:
> > > Revision 1.48: (January 04, 2002)
> > Aw... Only just updated Sanifilter to use 1.45. More work... :-)
> Nah hardly any work... should be a drop-in replacement. The only
> exception is that you will probably want to remove the macro scanner
> from your code and use the module I created for it instead.
Done all that.
Also included the support for chrooting and changing uid/gid.
You'll need to have your quarantine directory, and your external
scanner(s), if any, usable from within the chroot jail, as the relevant
user. You'll also need to adjust your LMTP UNIX socket name, if you're
If you're filtering SMTP, then that's normally TCP/IP, which doesn't
There's also an extra option for the permission you'd like to set on the
LMTP port clients should connect to.
All at http://www.btinternet.com/~davecridland/downloads/sanifilter.pl -
the same place as usual. I'm working on polishing off the documentation
for this bit, too.
A further bit of wishlist:
Passing HTML to "accept" makes the HTML get defanged. This seems
slightly counter-intuitive - shouldn't we pass HTML through a filter
(say, builtin/html-defanger) to achieve this?
Of course, we might want to pass it through both the HTML cleaner *and*
a virus scanner, and want to control the order - there's other handy
things we might also want to do here (change the format of images,
decompress certain files (Windows users may not have bzip2, for
instance, and the virus scanner may not understand it either), and other
So how about this: We allow multiple filters to match, and send files
through in sequence. So a "unamed.html.gz" file may be passed through
"gunzip", which has the effect of decompressing it. We then pass the
resulting "unnamed.html" file through super-virus-scan, because it's an
HTML file now, and then finally through the HTML cleaner, because that's
safer than the virus scanners.
Of course, this might be possible to an extent already - I'm just