anomy-list

RE: Anomy and Macs

From: Adam Harper (59348@xyz.molar.is)
Date: Wed 23 Oct 2002 - 15:42:50 GMT

  • Next message: 59479@xyz.molar.is: "RE: Anomy and Macs"

    Below is the list of file types I drop on sight, its mostly the same stuff
    that Microsoft configure Outlook (not Express) to block as well.

    # Rule 1: Delete harmful attachments (.exe, etc.)
    #
    file_list_1_scanner = 0
    file_list_1_policy = drop
    file_list_1 = (?i)(winmail\.dat
    file_list_1 += |\.([23]86|ad[ep]|ba[st]|c(hm|md|om|pl|rt)|class|d(ll|rv)
    file_list_1 += |exe|fot|h(lp|ta|tt)|in[fs]|isp|job|js|js(e)|lnk|md[betz]
    file_list_1 += |mht|ms[cipt]|o(cx|vl)|pcd|pif|ppa|qtx|reg|rom|sys|sh[bs]
    file_list_1 += |sc[rft]|url|vb|vb[esx]|wll|wiz|wsc|wsf|wsh|wpm|xl[al])
    file_list_1 += (\.g?z|z.bz\d?)*)$

    HTH,

    Adam Harper
    IT Technician
    Lymington Precision Engineers Co. Ltd.

    -----Original Message-----
    From: David [mailto:59447@xyz.molar.is]
    Sent: 23 October 2002 16:27
    To: 59397@xyz.molar.is
    Subject: [anomy-list]: Anomy and Macs

    Dear gurus,

    Anomy is up and running:) I have read the manual and the recommendation to
    use "defang" as a default policy. My problem is that I have a lot of mac
    users (including myself) on my system. Mac OS doesn't use a file extension
    to file names, so I need to set the default policy to: accept

    My question is if someone got a nice conf file with all kinds of bad stuff
    to block? Right now it looks like this:

    file_list_1 = (?i)(winmail.dat)|
    file_list_1 +=
    (\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|in
    file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
    file_list_1_policy = drop
    file_list_1_scanner = 0

     Blue skies,
     /David



    hosted by molar.is