Based on your example, I'd like to do something like :
file_list_4 = .*
file_list_4_scanner = 0:6:3,8:/usr/local/secondscanner %FILENAME
file_list_4_policy = accept:save:save:save
and file_list_4 would run only if f-prot accepted the file !
Is there any way I can do this ??
On Wed, 2003-07-23 at 12:52, D. J. Hagberg wrote:
> I am not sure if this is what you're asking for, the logic is somewhat
> reversed. This is a production sanitizer.cfg I use at a site with a
> moderate volume of email. The "logical" description of the policy is
> described pretty well in the comments:
> 1. Drop attachments with names that are known to be bad
> 2. Quarantine all executable attachments
> 3. Run *everything* else through a virus scanner. Yes, even text
> and HTML attachments (since the mime types and extensions have
> the possibility of being faked). If it passes the virus scanner
> cleanly, the attachment is allowed through, otherwise quarantined.
>
> Perhaps you can use this example and the examples that come with
> Anomy to implement your desired policy...
>
> -=- D. J.
>
> (Note: the file_list_3_scanner line may be wrapped in email transit as
> it is longer than 80 chars).
> ---------------------- begin sanitizer.cfg -----------------------
> #
> # Temporary and saved file names use this template
> #
> file_name_tpl = /var/quarantine/att-$F-$T-$$$
>
> #
> # Feature switches:
> #
> feat_verbose = 1
> feat_log_inline = 0
> feat_log_stderr = 1
> feat_force_name = 1
> feat_mime_files = 1
>
> #
> # Number of rules below
> #
> file_list_rules=3
>
> # Drop known evil stuff
> file_list_1_scanner = 0
> file_list_1_policy = drop
> file_list_1 = (?i)((happy99|x-mas|setup|aol4free|ie0199|funlove|flcss).exe
> file_list_1 += |(mine).zip)
>
> # Quarantine any attachments that users should have no reason to mail around
> file_list_2_scanner = 0
> file_list_2_policy = save
> file_list_2 = (?i)(winmail\.dat|\.
> file_list_2 += (exe|com|cmd|bat|pif|sc[rt]|lnk|dll|ocx|vb[se]?|hta
> file_list_2 += |sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[abew]|ms[ip]
> file_list_2 += |reg|asd|cil|pps|asx|wm[szd])(\.g?z|\.bz\d?)*)$
>
> # Scan *everything* else with the f-prot virus scanner
> file_list_3_scanner = 0:6:3,8:/usr/local/f-prot/f-prot -ai -archive
> -dumb %FILENAME
> file_list_3_policy = accept:save:save:save
> file_list_3 = .*
> ----------------------- end sanitizer.cfg ------------------------
>
> Leandro Rodrigo Saad Cruz wrote:
> > Hi all. I'd like to scan my email twice. The first time I'll check to
> > see if the user can receive an attachment of a file named foo.txt. If he
> > can receive this attachment I want to scan foo.txt fo viroses. Which is
> > the best way to do this with procmail/sanitizer ?
> >
> > 1 - invoke sanitizer twice :
> >
> > Is this case how do I tell procmail to execute the virus scanner
> > when my first scritp says the user can receive the file ?
> >
> > 2 - use two file_list on sanitizer.cfg :
> >
> > In this case how do I tell sanitizer to invoke mode than one
> > file_list ?
> >
> > 3 - use only one script :
> >
> > I think it works. But I'd like to keep thing separate !
> >
> >
> >
>
>
>
-- Leandro Rodrigo Saad Cruz IT - Inter Business Tecnologia e Servicos (IB) http://www.ibnetwork.com.br http://db.apache.org/ojb http://xingu.sourceforge.net