Re: file list rules processing

From: Bjarni R. Einarsson (
Date: Thu 07 Feb 2002 - 20:32:02 UTC

  • Next message: Dave Cridland: "Re: file list rules processing"

    On 2002-02-07, 21:20:40 (+0000), Dave Cridland wrote:
    > On Wed, 2002-02-06 at 08:58, David Tilley wrote:
    > > It appears that Anomy stops processing a part as soon as it gets a rule
    > > match. That is, once a file_list_# pattern matches, remaining rules/patterns
    > > are not checked for that part. Is this by design or have I misconfigured
    > > somewhere?
    > It's a restriction in the design.

    Actually, this isn't true. In the case of external scanners (virus
    scanners or others) the policy "unknown" will cause the following
    rules to be checked. What David Tilley wants, is to use "unknown"
    instead of "accept" in his scanning rule.

    Also, the recently added "warn" policy can be used to create a
    warning in the log file, while leaving decision making to
    subsequent rules.

    I couldn't think of any other cases where it makes sense to check a
    whole bunch of different rules - but please correct me if I'm
    wrong. Checking rules is inherantly a linear process - either a
    rule gives a result or it doesn't, and if it doesn't you check the
    next one.

    Unless you want to be able to branch. It might be nice to have a
    goto:N policy which would skip to the N'th rule. That would
    probably make the configuration file language turing complete,
    too... would anyone want to use such a feature? Who cares, turing
    completeness is cool, I'll probably add that next time I have time.
    Muahahaha. ;-)

    > Anomy can't rewind the stream, since it may have been altered by a rule

    ... unless the part has been dumped to disk for scanning by a third
    party application. Using an unmodified Sanitizer it is currently
    possible to implement arbitrary data conversion using external tools.

    For example, it would be possible to "scan" all HTML parts with the
    lynx browser, returning the plain-text rendering of the file, and
    then scan *that* with a naughty-word checker or spell checker or
    something like that.

    I don't think anyone has been crazy enough to do anything like this
    yet (the docs probably aren't quite clear enough about this
    actually being possible), but the capability is there, and has been
    for a few revisions now. You just need to think creatively when
    creating config files. :-)

    The manual really needs a chapter explaining how to write
    configuration files. Anyone want to volunteer to write it for me?

    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89                -><-    

    Check out my open-source email sanitizer: Spammers, please send plenty of email to:

    hosted by