I'm having trouble with Anomy logging "regular" emails - that is, emails
which are text only.
Can anyone help me figure out what the configuration problem is?
Here is part of the log below... I guess part of the issue is that it is
virus scanning anything... I am using the default rule in Anomy (rule set 2)
and it is also hitting the default rule 9. The thing is, if it's accepted I
don't want all this log tacked onto the bottom, but if I turn off logging
completely then it doesn't ever show anything when viruses are detected,
etc.
Got MIME info: _disposition="inline", _encoding="7bit", _type="text/plain", boundary="", charset="us-ascii", format="flowed"
Finished parsing message header.
Parsing body as text/*
CleanUnknown
CleanText
SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
Rule 1: (?i)(winmail.dat)
Rule 2: .*
Match (names="unnamed.txt", rule="2"):
Saved attachment as /var/quarantine/att-unnamed.txt.8NJ (106 bytes, digest 4cbc9604050204d8d07bca55de8a6b8c859e21e469ec81296d2ef197d4e8139a).
ScanFile (file="/var/quarantine/att-unnamed.txt.8NJ"):
/usr/local/bin/f-prot -ai -archive -dumb %FILENAME
Scan cmd: /usr/local/bin/f-prot -ai -archive -dumb /var/quarantine/att-unnamed.txt.8NJ
Virus scanning report - 8 June 2004 @ 12:53
F-PROT ANTIVIRUS
Program version: 4.3.2
Engine version: 3.14.7
VIRUS SIGNATURE FILES
SIGN.DEF created 4 June 2004
SIGN2.DEF created 4 June 2004
MACRO.DEF created 7 June 2004
Search: /var/quarantine/att-unnamed.txt.8NJ
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -AI
Results of virus scanning:
Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 1
Time: 0:00
No viruses or suspicious files/boot sectors
were found.
Scan succeeded, file is clean.
Enforced policy: unknown
Rule 3: (?i)\.(exe)$
Rule 5: (?i)\.(do[tc]|xl[aswct]|p[po]t|pps|rtf|md[abw])$
Rule 7: (?i)\.(com|cmd|bat|sys|vb[se]?|hta|shb|shs|chm|ocx|eml|wsf|js|wsh|msi|msp|cpl|pif|scr|lnk|dll)\.?$
Rule 9: (?i)\.(gif|tiff?|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx|fm)|fdf|fon|[ot]tf|bmp|ico|mp\d|wav|au|ram?|avi|mov|mpe?g|aif[fc]?|cda|midi?|asf|wm[avf]|t(xt|ex)|csv|l(og|yx)|ini|[ch](pp|\+\+)?|cc|hh|s|inc|asm|pa(tch|s)|java|php\d?|[ja]sp|[sp]?html?|css|xml)(\.[gb]?z\d?)?\.?$
Match (names="unnamed.txt", rule="9"):
Enforced policy: accept
Anomy 0.0.0 : Sanitizer.pm
$Id: Sanitizer.pm,v 1.82 2004/01/12 18:02:35 bre Exp $
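
An added example, not part of the original post and not Anomy's own code: a small Python reader for the trace format shown above, listing which rule matched each attachment and which policy was enforced, so a log can be kept only when something other than a plain accept happened. The function names are hypothetical, and treating the last "Enforced policy" line per attachment as the final decision is an assumption drawn from this one log.

```python
import re

# Log excerpt taken from the post above, trimmed: the F-PROT report and the
# non-matching rule patterns are left out.
SAMPLE_LOG = r'''SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
Rule 1: (?i)(winmail.dat)
Rule 2: .*
Match (names="unnamed.txt", rule="2"):
ScanFile (file="/var/quarantine/att-unnamed.txt.8NJ"):
Scan succeeded, file is clean.
Enforced policy: unknown
Rule 3: (?i)\.(exe)$
Match (names="unnamed.txt", rule="9"):
Enforced policy: accept
'''

FILE_RE = re.compile(r'SanitizeFile \(filename="([^"]*)"')
MATCH_RE = re.compile(r'Match \(names="([^"]*)", rule="(\d+)"\):')
POLICY_RE = re.compile(r'Enforced policy: (\S+)')

def summarize(log):
    """Return one dict per SanitizeFile block with its (rule, policy) decisions."""
    parts, current, pending_rule = [], None, None
    for line in log.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            current = {"filename": m.group(1), "decisions": [], "clean_scans": 0}
            parts.append(current)
            pending_rule = None
        elif current is None:
            continue  # header lines before the first attachment
        elif m := MATCH_RE.match(line):
            pending_rule = int(m.group(2))  # rule that just matched
        elif line.startswith("Scan succeeded, file is clean"):
            current["clean_scans"] += 1
        elif m := POLICY_RE.match(line):
            current["decisions"].append((pending_rule, m.group(1)))
            pending_rule = None
    return parts

def worth_keeping(parts):
    """Assumed triage rule: keep the log unless every part ended in 'accept'."""
    return any(not p["decisions"] or p["decisions"][-1][1] != "accept"
               for p in parts)

if __name__ == "__main__":
    for part in summarize(SAMPLE_LOG):
        print(part["filename"], part["decisions"], "clean scans:", part["clean_scans"])
    print("keep log:", worth_keeping(summarize(SAMPLE_LOG)))
```

On the excerpt this shows rule 2 (`.*`) matching first and sending the text part to the scanner, with the result left as `unknown`, before rule 9 matches and enforces `accept`.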