anomy-list

defang/mangle .exe and .html files

From: Saad Kadhi (54292@xyz.molar.is)
Date: Wed 02 Oct 2002 - 22:32:15 GMT

    Hi there,

    I am pretty much a newcomer to Anomy, so please bear with my possibly lame questions.

    I am trying to get defang/mangle to work for .exe and .html files. My default
    policy is to defang and feat_html is set to 1. For testing I sent an email with
    3 attachments: test.vbs, test.exe, and test.html. test.vbs must be stopped with
    a drop policy, while the others (.exe, .html) must be defanged.

    While I get the expected behavior for the test.vbs file, test.exe and test.html
    reach me as expected. I even tried with a file extension (.shmoo) that is not
    listed in any of the file_list statements, to no avail.

    As I understand defanging from the manual, Anomy should rename any .exe and
    .html (and .shmoo etc., as long as they are not listed in any file_list) to
    something else so that the user will have to take extra effort to execute
    those.

    Thanks for any advice/help. Here is some background data:
    Arch = i386
    OS = OpenBSD 3.1-stable
    Perl = 5.6.1
    tests passed ok

    contents of my conf file:

    ---
    # Do not log to STDERR:
    feat_log_stderr = 0

    # Don't insert log in the message itself:
    feat_log_inline = 0

    # Advertisement to insert in each mail header:
    header_info = X-Sanitizer: DocIsland Mail Filter
    header_url = 0
    header_rev = 0

    # Enable filename based policy decisions:
    feat_files = 1

    # Protect against buffer overflows and null values:
    feat_lengths = 1

    # Replace MIME boundaries with our own:
    feat_boundaries = 1

    # Fix invalid and ambiguous MIME boundaries, if possible:
    feat_fixmime = 1

    # Trust signed and/or encrypted messages:
    feat_trust_pgp = 1
    msg_pgp_warning = WARNING: Unsanitized content follows.\n

    # Do not Defang shell scripts:
    feat_scripts = 0

    # Defang active HTML:
    feat_html = 1

    # Defang UUEncoded files:
    feat_uuencoded = 0

    # Sanitize forwarded content too:
    feat_forwards = 1

    # Testing? Set to 1 for testing, 0 for production:
    feat_testing = 0

    #
    # Warn user about unscanned parts, etc.
    feat_verbose = 1

    # Force all parts (except text/html parts) to
    # have file names.
    feat_force_name = 1

    # Disable web bugs:
    feat_webbugs = 1

    # Disable "score" based mail discarding:
    score_panic = 0
    score_bad = 0

    ##
    ## File attachment name mangling rules:
    ##

    # Specify the Anomy temp file and quarantine directory
    file_name_tpl = /var/spool/anomy/att-$F-$T.$$

    # Number of rulesets we are defining:
    file_list_rules = 2
    file_default_policy = defang

    # Delete probably nasty attachments:
    file_list_1 = (?i)(winmail.dat)|
    file_list_1 += (\.(com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
    file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
    file_list_1_policy = drop
    file_list_1_scanner = 0

    # Allow known "safe" file types and those that will be
    # scanned by the user's desktop virus scanner:
    file_list_2 = (?i)\.
    # Word processor and document formats:
    file_list_2 += (doc|dot|txt|rtf|pdf|ps|[sp]?
    # Spreadsheets:
    file_list_2 += |xls|xlw|xlt|csv|wk[1-4]
    # Presentation applications:
    file_list_2 += |ppt|pps|pot
    # Bitmap graphic files:
    file_list_2 += |jpe?g|gif|png|tiff?|bmp|psd|pcx
    # Vector graphics and diagramming:
    file_list_2 += |vsd|drw|cdr|swf
    # Multimedia:
    file_list_2 += |mp3|avi|mpe?g|mov|ram?|mid|ogg
    # Archives:
    file_list_2 += |g?z|rar|tgz|bz2|tar
    # Source code:
    file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
    file_list_2_policy = accept
    file_list_2_scanner = 0

    # Any file type not listed above gets renamed to prevent
    # ms outlook from auto-executing it.

    --
    Saad Kadhi -- [54382@xyz.molar.is] [54292@xyz.molar.is]
    [pgp keyid: 35592A6D http://pgp.mit.edu]
    [pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D]
    ---
    "If what you have to say is neither beautiful, nor good, nor true, then keep quiet!" - Socrates
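The following Python script is an added example for checking a file_list configuration like the one in the post; it is not code from the post or from Anomy. It reassembles the file_list rules exactly as they appear above (embedded as constructed input), assumes that Anomy appends `+=` continuation lines with no separator and tries the rules in order with the first match deciding the policy (both are assumptions here), and reports, for each of the test filenames, which rule matched and what text it matched. It also checks whether a rule matches a name with an empty extension, since an unanchored rule containing an alternative that can match nothing will catch every name that contains a dot. Run on the rules as posted, it reports that file_list_2 matches test.exe, test.html and test.shmoo on the bare dot, so they fall under its accept policy before the defang default is ever reached.

```python
import re

# Constructed input: the file_list rules copied from the post above.
# Settings that do not affect filename policy are omitted.
CONFIG = r"""
file_list_rules = 2
file_default_policy = defang

# Delete probably nasty attachments:
file_list_1 = (?i)(winmail.dat)|
file_list_1 += (\.(com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
file_list_1_policy = drop

# Allow known "safe" file types:
file_list_2 = (?i)\.
file_list_2 += (doc|dot|txt|rtf|pdf|ps|[sp]?
file_list_2 += |xls|xlw|xlt|csv|wk[1-4]
file_list_2 += |ppt|pps|pot
file_list_2 += |jpe?g|gif|png|tiff?|bmp|psd|pcx
file_list_2 += |vsd|drw|cdr|swf
file_list_2 += |mp3|avi|mpe?g|mov|ram?|mid|ogg
file_list_2 += |g?z|rar|tgz|bz2|tar
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
file_list_2_policy = accept
"""

# key, operator ("=" or "+="), value with surrounding whitespace stripped
SETTING = re.compile(r"^\s*(\w+)\s*(\+?=)\s*(.*?)\s*$")


def parse_rules(text):
    """Parse file_list settings into an ordered list of (name, regex, policy)
    plus the default policy. A '+=' line is appended to the previous value
    with no separator (assumed to match Anomy's continuation handling)."""
    values = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = SETTING.match(line)
        if m is None:
            raise ValueError(f"unparsable config line: {line!r}")
        key, op, val = m.groups()
        if op == "+=":
            values[key] = values.get(key, "") + val
        else:
            values[key] = val
    default = values["file_default_policy"]
    rules = []
    for i in range(1, int(values["file_list_rules"]) + 1):
        name = f"file_list_{i}"
        rules.append((name, values[name], values.get(f"{name}_policy", default)))
    return rules, default


def classify(filename, rules, default):
    """Try rules in order; the first regex that matches decides the policy
    (first-match semantics is an assumption). Returns (policy, rule, text)."""
    for name, pattern, policy in rules:
        m = re.search(pattern, filename)
        if m:
            return policy, name, m.group(0)
    return default, None, None


def matches_bare_dot(pattern):
    """True if the rule accepts a name whose extension is empty: an unanchored
    rule with an alternative that can match nothing catches every dotted name."""
    return re.search(pattern, "file.") is not None


RULES, DEFAULT = parse_rules(CONFIG)

if __name__ == "__main__":
    for fn in ("test.vbs", "test.exe", "test.html", "test.shmoo"):
        policy, rule, text = classify(fn, RULES, DEFAULT)
        print(f"{fn:<11} -> {policy:<7} via {rule or 'default'} matched {text!r}")
    for name, pattern, _ in RULES:
        print(f"{name} matches a bare '.':", matches_bare_dot(pattern))
```

The matched text is the useful part of the report: a rule that is supposed to match by extension but reports a match of just "." has an alternative that matches the empty string, and because the rule is not anchored with `$`, it then applies to every attachment name containing a dot. Re-running the script after editing the rules is a quick way to confirm a change before putting it in front of real mail.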
