It appears that Anomy stops processing a part as soon as it gets a rule
match. That is, once a file_list_# pattern matches, remaining rules/patterns
are not checked for that part. Is this by design or have I misconfigured
somewhere?
I'm trying to first feed everything through an external virus scanner,
regardless of filename, so I do this:
file_list_rules = 1
file_list_1 = (?s).*
file_list_1_policy = accept:save:save:save
file_list_1_scanner = 0:1:2:/etc/procmail/viruscheck %FILENAME
which seemed to work just fine.
But when I add another file_list section to defang selected extensions, the
new file_list pattern never gets matched.
file_list_rules = 2
# file_list_1 stuff unchanged from above
# trivial example, not for production
file_list_2 = (?i)\.(vbs|dll|scr)$
file_list_2_policy = defang
file_list_2_scanner = 0
When I send a test.vbs attachment, it does not get defanged. According to
the log trace, Rule 1 is matched but Rule 2 is never tested. If I then munge
the pattern in Rule 1 such that nothing matches, Rule 2 is tested and
matched.
Is there any way to have Anomy continue down the rules list even after a
match?
On further reflection, I'm guessing not. Once a rule is matched and the part
is processed, Anomy would have to "rewind" the stream to process the part
again (assuming the part hadn't already been dropped or saved).
Thanks,
dvt