Anomy - Almost Perfect

From: Matt Fahrner (
Date: Thu 20 May 2004 - 17:02:49 GMT

  • Next message: Kyle Victor: "ClamAV + Anomy"


    I've been very impressed so far by Anomy as an email filter. I have
    one issue though that I'd need to solve to consider using this more

    What I'm trying to do is to do very basic sanitizing. All I want to do
    is remove (strip) specific executable attachments types (pretty much
    the standard Microsoft list) and *no* more. I don't want to defang
    MIME, I don't want to touch HTML, I don't want to muck with anything
    else. We want to leave a degree of flexibility (and yes, risk) to the
    users, but we know for a fact we don't want ".exe", ".com", ".pif",
    etc. attachments in period.

    I've been able to get to that except for one detail - we want to be
    able to allow forwarded HTML pages in untouched. For example, if say
    I'm say browsing "" on my Mozilla browser and go:

         File / Send Page...

    when this is received after going through the Anomy parser it doesn't
    display correctly. The text is there but all the graphics are gone.

    The reason appears to be that the following MIME header items are removed:

         Content-Base: ""
         Content-Location: ""

    which is used to resolve the relative URL items in the attached HTML.

    I know HTML like this is iffy and all, however in a business
    environment we can only afford to interfere so much with content that
    is arriving. We have far too many users that would complain if we were
    too intrusive (we leave the rest to multiple levels of virus scanning).

    In any case, is there a solution? I checked through all the options
    and there seems to be none. Additionally, a quick code check appears
    to show that these may just be dropped (there seems to be a finite set
    of these headers that are "forwarded").

    Thanks in advance,

                            - Matt


    --------------------------------------------------------------------- Matt Fahrner 2 South Park St. Manager of Networking Willis House Burlington Coat Factory Warehouse Lebanon, N.H. 03766 TEL: (603) 448-4100 xt 5150 USA FAX: (603) 443-6190 ---------------------------------------------------------------------

    hosted by