anomy-list

sanitizer doesn't work

From: Joseph Goh (117074@xyz.molar.is)
Date: Sat 06 Mar 2004 - 02:24:25 GMT

  • Next message: Holger Isenberg: "signed MIME-PGP broken?"

    I just installed Anomy 1.66 on my mail server.
    i have added this line to my /etc/procmailrc
    :0 fw
    |/usr/local/bin/anomy/bin/sanitizer.pl /etc/sanitizer.cfg

    I also have create sanitizer.cfg in /etc like this :

     #

     # These are the default values for all feature switches.

     #

     feat_verbose = 1 # Warn user about unscanned parts, etc.

     feat_log_inline = 1 # Inline logs: 0 = Off, 1 = Maybe, 2 = Force

     feat_log_stderr = 1 # Print log to standard error

     feat_log_xml = 0 # Don't use XML format for logs.

     feat_log_trace = 0 # Omit trace info from logs.

     feat_log_after = 0 # Don't add any scratch space to part headers.

     feat_files = 1 # Enable filename-based policy decisions.

     feat_force_name = 0 # Force all parts (except text/plain and

                         # text/html parts) to have file names.

     feat_boundaries = 0 # Replace all boundary strings with our own

                         # NOTE: Always breaks PGP/MIME messages!

     feat_lengths = 1 # Protect against buffer overflows and null

                         # values.

     feat_scripts = 1 # Defang incoming shell scripts.

     feat_html = 1 # Defang active HTML content.

     feat_webbugs = 0 # Web-bugs are allowed.

     feat_trust_pgp = 0 # Don't scan PGP signed message parts.

     feat_uuencoded = 1 # Sanitize inline uuencoded files.

     feat_forwards = 1 # Sanitize forwarded messages

     feat_testing = 0 # This isn't a test-case configuration.

     feat_fixmime = 1 # Fix invalid MIME, if possible.

     feat_paranoid = 0 # Don't be excessively paranoid about MIME headers etc.

     #

     # Scoring

     #

     score_bad = 100 # Any message requring this many modifications

                         # will cause the sanitizer to return a non-zero

                        # exit code after processing the entire message.

     #

     # You may need to increase the following if you have a very

     # complex configuration split between multiple files.

     #

     max_conf_recursions = 5 # The default is 5.

     #

     # Create temporary or saved files using this template.

     # An attachment named "dude.txt" might be saved as

     #

     # /var/quarantine/att-dude-txt.A9Y

     #

     # Note: The directory must exist and be writable by

     # the user running the sanitizer.

     #

     file_name_tpl = /var/quarantine/att-$F.$$$

    # Always quarantine these file types
    file_list_1_scanner = 0
    file_list_1_policy = save
    file_list_1 = (?i)(winmail\.dat
    file_list_1 += |\.(exe|vb[es]|c(om|hm)|bat|s(ys|cr))*)$

    # Allow these file types through: images, music, sound, etc.
    file_list_2_scanne = 0
    file_list_2_policy = accept
    file_list_2 = (?i)\.(gif|jpe?g|pn[mg]
    file_list_2 += |x[pb]m|dvi|e?ps|p(df|cx)|bmp
    file_list_2 += |mp[32]|wav|au|ram?
    file_list_2 += |avi|mov|mpe?g)*$
     
    # Scan these file types for macros, viruses
    file_list_3_scanner = 0:1:2:builtin 25
    file_list_3_policy = accept:save:save:defang
    file_list_3 = (?i)\.(xls|d(at|oc|ot)|p(pt|l)|rtf
    file_list_3 += |ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
    file_list_3 += |(\.g?z|\.bz\d?))*$

    But it didn't work at all, the anomy won't read the sanitizer.cfg configuration.
    Then in /etc/procmailrc, i try to edit the line :

    :0 fw
    |/usr/local/bin/anomy/bin/sanitizer.pl /etc/sanitizer.cfg
    become
    :0 fw
    |/usr/local/bin/anomy/bin/sanitizer.pl

    It seem to be work, the anomy can mangle, defang, save and drop the attachment.

    Do you know why the sanitizer doesn't want to read the sanitizer.cfg but it will read sanitizer.pl ???????????
    I have tried to modified, but there is no result, can you help me ????????

      Regards,

    Joseph Goh

    Attachments:
     + http://mailtools.anomy.net/archives/anomy-list//a2/14/0493685/01.unnamed.html



    hosted by molar.is