Thanks for the quick reply. I decided to test using the default
configuration (now I'm just invoking sanitizer.pl with -fprotd and no other
arguments ...), and I get the following in my /var/log/maillog:
---8<---
Nov 5 13:37:45 linux19131 fprotd[13546]: Scanner arguments: -archive -ai -dumb
Nov 5 13:37:45 linux19131 fprotd[13547]: Scanner arguments: -archive -ai -dumb
Nov 5 13:38:05 linux19131 fprotd[13549]: Scanner arguments: -archive -ai -dumb
Nov 5 13:38:11 linux19131 fprotd[13550]: Scanner arguments: -archive -ai -dumb
Nov 5 13:38:26 linux19131 fprotd[13551]: Scanner arguments: -archive -ai -dumb
--->8---
(ignore word wrapping .. each line should start with Nov 5)
Without digging deeper, I'm not sure why fprotd appears to be starting up
with different process IDs 5 different times. My guess is retrying. Mail
still gets delivered, but with the following sanitizer.log:
---8<---
This message has been 'sanitized'. This means that potentially
dangerous content has been rewritten or removed. The following
log describes which actions were taken.
Sanitizer (start="1036521465"):
Part (pos="614"):
SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
Match (rule="2"):
ScanFile (file="/tmp/att-3dc80ff9-5MX-unnamed.txt"):
F-Prot: Error (-1) scanning file!
Unknown exit code: -256
Enforced policy: defang
Replaced mime type with: application/DEFANGED-2520
Replaced file name with: unnamed_txt.DEFANGED-2520
Part (pos="722"):
SanitizeFile (filename="sh", mimetype="application/octet-stream"):
Match (rule="2"):
ScanFile (file="/tmp/att-3dc81012-GXJ-sh"):
F-Prot: Error (-1) scanning file!
Unknown exit code: -256
Enforced policy: defang
Replaced mime type with: application/DEFANGED-2521
Replaced file name with: sh.DEFANGED-2521
Total modifications so far: 2
Anomy 0.0.0 : Sanitizer.pm
$Id: Sanitizer.pm,v 1.63 2002/10/02 16:03:01 bre Exp $
--->8---
It looks like something's awry when it goes into /tmp .. /tmp is:
drwxrwxrwt 3 root root 4096 Nov 5 13:38 tmp
so it should be able to read/write ... Nothing's chroot'ed either .. yet.
Did I miss something?
Thanks again,
~Hunter
Quoting "Bjarni R. Einarsson" <63037@xyz.molar.is>:
> On 2002-11-05, 10:49:34 (+0000), Bjarni R. Einarsson wrote:
> > This adds to the default configuration a rule (number 2) which will
> > scan all attachments not blocked by rule number 2, using the daemon.
>
> That should have read "not blocked by rule number 1".