anomy-list

Re: Announcing sanitizer.pl, revision 1.48

From: Dave Cridland (29539@xyz.molar.is)
Date: Tue 08 Jan 2002 - 11:22:05 UTC

    On Fri, 2002-01-04 at 21:34, Bjarni R. Einarsson wrote:
    > On 2002-01-04, 21:35:52 (+0000), Dave Cridland wrote:
    > > On Fri, 2002-01-04 at 20:07, Bjarni R. Einarsson wrote:
    > > > Revision 1.48: (January 04, 2002)
    > >
    > > Aw... Only just updated Sanifilter to use 1.45. More work... :-)
    >
    > Nah hardly any work... should be a drop-in replacement. The only
    > exception is that you will probably want to remove the macro scanner
    > from your code and use the module I created for it instead.

    Done all that.

    Also included the support for chrooting and changing uid/gid.

    You'll need to have your quarantine directory, and your external
    scanner(s), if any, usable from within the chroot jail, as the relevant
    user. You'll also need to adjust your LMTP UNIX socket name, if you're
    using that.

    If you're filtering SMTP, then that's normally TCP/IP, which doesn't
    need changing.

    There's also an extra option for the permission you'd like to set on the
    LMTP port clients should connect to.

    All at http://www.btinternet.com/~davecridland/downloads/sanifilter.pl -
    the same place as usual. I'm working on polishing off the documentation
    for this bit, too.

    A further bit of wishlist:

    Passing HTML to "accept" makes the HTML get defanged. This seems
    slightly counter-intuitive - shouldn't we pass HTML through a filter
    (say, builtin/html-defanger) to achieve this?

    Of course, we might want to pass it through both the HTML cleaner *and*
    a virus scanner, and want to control the order - there's other handy
    things we might also want to do here (change the format of images,
    decompress certain files (Windows users may not have bzip2, for
    instance, and the virus scanner may not understand it either), and other
    fun toys).

    So how about this: We allow multiple filters to match, and send files
    through in sequence. So an "unnamed.html.gz" file may be passed through
    "gunzip", which has the effect of decompressing it. We then pass the
    resulting "unnamed.html" file through super-virus-scan, because it's an
    HTML file now, and then finally through the HTML cleaner, because that's
    safer than the virus scanners.

    Of course, this might be possible to an extent already - I'm just
    thinking aloud.

    Dave.
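
The chaining proposed at the end of this message, sketched as an added example; it is not code from sanitizer.pl or Sanifilter, and it is written in Python rather than Perl. The rule table, the size and step limits, the stand-in scanner and the toy defanger are all assumptions made for illustration.

```python
import gzip
import io
import re

MAX_STEPS = 8          # assumed cap on filters applied to one attachment
MAX_SIZE = 1_000_000   # assumed cap on decompressed size, in bytes

def gunzip(name, data):
    """Decompress, drop the .gz suffix, and refuse oversized output."""
    out = gzip.GzipFile(fileobj=io.BytesIO(data)).read(MAX_SIZE + 1)
    if len(out) > MAX_SIZE:
        raise ValueError("decompressed size over limit: " + name)
    return name[:-3], out

def virus_scan(name, data):
    """Stand-in for an external scanner; matches a constructed marker only."""
    if b"CONSTRUCTED-TEST-SIGNATURE" in data:
        raise ValueError("scanner flagged " + name)
    return name, data

def html_defang(name, data):
    """Toy defanger: rename script tags and on* handlers so they stay inert."""
    data = re.sub(rb"(?i)<(/?)script", rb"<\1DEFANGED_script", data)
    data = re.sub(rb"(?i)\bon(\w+\s*=)", rb"DEFANGED_on\1", data)
    return name, data

# Ordered policy: every rule whose pattern matches the current name applies.
RULES = [
    (re.compile(r"\.gz$", re.I), gunzip),
    (re.compile(r"\.html?$", re.I), virus_scan),
    (re.compile(r"\.html?$", re.I), html_defang),
]

def run_chain(name, data):
    """Send one attachment through all matching filters, in rule order."""
    trail, i = [], 0
    while i < len(RULES):
        pattern, filt = RULES[i]
        i += 1
        if not pattern.search(name):
            continue
        if len(trail) >= MAX_STEPS:
            raise ValueError("filter chain too long: " + name)
        new_name, data = filt(name, data)
        trail.append(filt.__name__)
        if new_name != name:   # renamed, so match again from the first rule
            name, i = new_name, 0
    return name, data, trail

# Constructed sample attachment, not taken from any real message.
SAMPLE = gzip.compress(b'<body onload="x()"><script>alert(1)</script></body>')
```

Calling `run_chain("unnamed.html.gz", SAMPLE)` runs gunzip, then the scanner, then the defanger, in the order the message describes; restarting the match after a rename is what lets a file that only becomes HTML after decompression reach the HTML rules.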


