On 2002-02-07, 21:20:40 (+0000), Dave Cridland wrote:
> On Wed, 2002-02-06 at 08:58, David Tilley wrote:
> > It appears that Anomy stops processing a part as soon as it gets a rule
> > match. That is, once a file_list_# pattern matches, remaining rules/patterns
> > are not checked for that part. Is this by design or have I misconfigured
> > somewhere?
> It's a restriction in the design.

Actually, this isn't true. In the case of external scanners (virus
scanners or others) the policy "unknown" will cause the following
rules to be checked. What David Tilley wants, is to use "unknown"
instead of "accept" in his scanning rule.

Also, the recently added "warn" policy can be used to create a
warning in the log file, while leaving decision making to

I couldn't think of any other cases where it makes sense to check a
whole bunch of different rules - but please correct me if I'm
wrong. Checking rules is inherently a linear process - either a
rule gives a result or it doesn't, and if it doesn't you check the

Unless you want to be able to branch. It might be nice to have a
goto:N policy which would skip to the N'th rule. That would
probably make the configuration file language Turing complete,
too... would anyone want to use such a feature? Who cares, Turing
completeness is cool, I'll probably add that next time I have time.

> Anomy can't rewind the stream, since it may have been altered by a rule

... unless the part has been dumped to disk for scanning by a third
party application. Using an unmodified Sanitizer it is currently
possible to implement arbitrary data conversion using external tools.
For example, it would be possible to "scan" all HTML parts with the
lynx browser, returning the plain-text rendering of the file, and
then scan *that* with a naughty-word checker or spell checker or
something like that.

I don't think anyone has been crazy enough to do anything like this
yet (the docs probably aren't quite clear enough about this
actually being possible), but the capability is there, and has been
for a few revisions now. You just need to think creatively when
creating config files. :-)

The manual really needs a chapter explaining how to write
configuration files. Anyone want to volunteer to write it for me?

-- Bjarni R. Einarsson PGP: 02764305, B7A3AB89 email@example.com -><- http://bre.klaki.net/
Check out my open-source email sanitizer: http://mailtools.anomy.net/
Spammers, please send plenty of email to: firstname.lastname@example.org
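
The rule-order behaviour discussed in this thread, as an added example that is not part of the original message and is not Anomy's code or configuration syntax: a simplified Python model in which a decisive policy ends the check and "unknown" lets the following rules run. The (regex, policy) rule shape, the "drop" verdict, the default of "accept" and the file names are assumptions made for illustration.

```python
import re

# Simplified model of the linear rule check discussed in this thread.
# Assumptions (not Anomy's code or config syntax): a rule is (regex, policy);
# "drop" stands in for any restrictive verdict; no decision means "accept".
DECISIVE = {"accept", "drop"}

def evaluate(rules, filename, default="accept"):
    """Return (policy, number of the deciding rule or None, log lines)."""
    log = []
    for number, (pattern, policy) in enumerate(rules, start=1):
        if not re.search(pattern, filename, re.IGNORECASE):
            continue
        if policy == "unknown":
            # Matched, but no verdict: fall through to the following rules.
            log.append(f"rule {number}: unknown for {filename}")
            continue
        return policy, number, log
    return default, None, log

def unreachable_rules(rules, samples):
    """Numbers of decisive rules that never decide any of the sample names."""
    deciding = {evaluate(rules, name)[1] for name in samples}
    return [n for n, (_, policy) in enumerate(rules, start=1)
            if policy in DECISIVE and n not in deciding]

# Constructed rule sets: a catch-all scanner rule followed by an extension block.
SCAN_ACCEPT = [(r".*", "accept"), (r"\.(exe|scr|pif)$", "drop")]
SCAN_UNKNOWN = [(r".*", "unknown"), (r"\.(exe|scr|pif)$", "drop")]
SAMPLES = ["notes.txt", "invoice.exe", "photo.JPG"]  # constructed file names

if __name__ == "__main__":
    for label, rules in (("accept", SCAN_ACCEPT), ("unknown", SCAN_UNKNOWN)):
        for name in SAMPLES:
            print(label, name, evaluate(rules, name)[:2])
        print(label, "unreachable:", unreachable_rules(rules, SAMPLES))
```

Running a check like unreachable_rules over a set of representative file names before deploying a rule list shows which restrictive rules sit behind an earlier rule that always decides.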