anomy-list

Re: Sanitizer mangles file attachments when fp-linux-fs expires

From: Bjarni R. Einarsson (105354@xyz.molar.is)
Date: Wed 10 Dec 2003 - 13:36:01 GMT

  • Next message: Jackson, Jeff: "undefined value as a symbol error in Sanitizer.pm"

    On 2003-12-10, 02:13:27 (+0100), Romek Zylla wrote:
    > It seems that Sanitizer mangles file attachments when fp-linux-fs
    > expires - f-prot gives unknown error and eventually sanitizer
    > not knowing what to do delivers files with mangled names.
    > For example first.rtf is mangled to first_rtf.something which
    > cannot be clicked in Eudora or any mail reader.

    This is normal behavior.

    If the virus scanner crashes for some reason, then all the Sanitizer
    can assume about the security of said attachment is that it crashes
    virus scanners - which implies a security risk and should be treated
    conservatively.

    I recommend you fix your virus scanner installation, instead of
    changing the behavior of the Sanitizer.

    However, if that is what you want, then this behavior can be changed
    by modifying the sanitizer configuration. Basically, you change the
    virus-scanner's policy line to do something other than "mangle" or
    "defang" when it receives unknown exit codes. This is done by
    creating (or adding to) a sanitizer config file a line which sets
    the policy for the virus-scannign rule to something like this:

      file_list_1_policy = unknown:warn:drop:unknown

    The last policy, "unknown" here is probably set to "defang" on your
    installation. The policies separted by ':' characters apply, from
    left to right, to "clean", "disinfected", "infected" and
    "unknown/error" results from the virus scanner.

    -- 
    Bjarni Rúnar Einarsson
     105354@xyz.molar.is
     http://bre.klaki.net/
    

    PGP: 02764305, B7A3AB89



    hosted by molar.is