anomy-list

logging problem

From: Michael Long (128387@xyz.molar.is)
Date: Tue 08 Jun 2004 - 16:53:35 GMT


    I'm having trouble with anomy logging "regular" emails - that is, emails
    which are text only.

    Can anyone help me figure out what the configuration problem is?

    Here is part of the log below... I guess part of the issue is that it is
    virus scanning anything... I am using the default rule in anomy (rule set 2)
    and it is also hitting the default rule 9. The thing is, if it's accepted I
    don't want all this log tacked onto the bottom, but if I turn off logging
    completely then it doesn't ever show anything when viruses are detected,
    etc.

       Got MIME info: _disposition="inline", _encoding="7bit",
    _type="text/plain", boundary="", charset="us-ascii", format="flowed"

      Finished parsing message header.
      Parsing body as text/*
      CleanUnknown
      CleanText
      SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
        Rule 1: (?i)(winmail.dat)
        Rule 2: .*
        Match (names="unnamed.txt", rule="2"):
          Saved attachment as /var/quarantine/att-unnamed.txt.8NJ (106 bytes,
    digest 4cbc9604050204d8d07bca55de8a6b8c859e21e469ec81296d2ef197d4e8139a).
          ScanFile (file="/var/quarantine/att-unnamed.txt.8NJ"):
            /usr/local/bin/f-prot -ai -archive -dumb %FILENAME
            Scan cmd: /usr/local/bin/f-prot -ai -archive -dumb
    /var/quarantine/att-unnamed.txt.8NJ
                    Virus scanning report - 8 June 2004 @ 12:53
                                    F-PROT ANTIVIRUS
                    Program version: 4.3.2
                    Engine version: 3.14.7
                                    VIRUS SIGNATURE FILES
                    SIGN.DEF created 4 June 2004
                    SIGN2.DEF created 4 June 2004
                    MACRO.DEF created 7 June 2004
                                    Search: /var/quarantine/att-unnamed.txt.8NJ
                    Action: Report only
                    Files: "Dumb" scan of all files
                    Switches: -ARCHIVE -AI
                                                    Results of virus scanning:
                                    Files: 1
                    MBRs: 0
                    Boot sectors: 0
                    Objects scanned: 1
                                    Time: 0:00
                                    No viruses or suspicious files/boot sectors
    were found.
                    Scan succeeded, file is clean.

          Enforced policy: unknown

        Rule 3: (?i)\.(exe)$
        Rule 5: (?i)\.(do[tc]|xl[aswct]|p[po]t|pps|rtf|md[abw])$
        Rule 7:
    (?i)\.(com|cmd|bat|sys|vb[se]?|hta|shb|shs|chm|ocx|eml|wsf|js|wsh|msi|msp|cpl|pif|scr|lnk|dll)\.?$
        Rule 9:
    (?i)\.(gif|tiff?|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx|fm)|fdf|fon|[ot]tf|bmp|ico|mp\d|wav|au|ram?|avi|mov|mpe?g|aif[fc]?|cda|midi?|asf|wm[avf]|t(xt|ex)|csv|l(og|yx)|ini|[ch](pp|\+\+)?|cc|hh|s|inc|asm|pa(tch|s)|java|php\d?|[ja]sp|[sp]?html?|css|xml)(\.[gb]?z\d?)?\.?$
        Match (names="unnamed.txt", rule="9"):
          Enforced policy: accept

    Anomy 0.0.0 : Sanitizer.pm
    $Id: Sanitizer.pm,v 1.82 2004/01/12 18:02:35 bre Exp $
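
An added example, not part of the original post and not Anomy's own code: a small Python filter that reads a trace in the format shown above, lists which rule matched each attachment and which policy was enforced, and reports whether the trace is worth keeping (any final policy other than accept). The function names, the `quiet` parameter and the shortened rule 9 pattern in the sample are assumptions made for the illustration.

```python
import re

# Constructed sample: a shortened copy of the trace format shown in the post
# (scanner report trimmed, rule 9 pattern abbreviated).
SAMPLE_TRACE = r'''
  SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
    Rule 1: (?i)(winmail.dat)
    Rule 2: .*
    Match (names="unnamed.txt", rule="2"):
      ScanFile (file="/var/quarantine/att-unnamed.txt.8NJ"):
                Scan succeeded, file is clean.

      Enforced policy: unknown

    Rule 3: (?i)\.(exe)$
    Rule 9: (?i)\.(txt|log)$
    Match (names="unnamed.txt", rule="9"):
      Enforced policy: accept
'''

MATCH_RE = re.compile(r'Match \(names="([^"]*)", rule="(\d+)"\):')
POLICY_RE = re.compile(r'Enforced policy: (\S+)')


def rule_decisions(trace):
    """Return [(names, rule, policy), ...] in the order the trace reports them."""
    decisions, pending = [], None
    for line in trace.splitlines():
        m = MATCH_RE.search(line)
        if m:
            pending = (m.group(1), int(m.group(2)))
            continue
        p = POLICY_RE.search(line)
        if p and pending:
            # Pair each "Enforced policy" line with the Match that precedes it.
            decisions.append(pending + (p.group(1),))
            pending = None
    return decisions


def final_policies(trace):
    """Map each attachment name to the last policy the trace records for it."""
    return {name: policy for name, _rule, policy in rule_decisions(trace)}


def worth_keeping(trace, quiet=("accept",)):
    """True when any attachment ended on a policy outside `quiet`."""
    return any(p not in quiet for p in final_policies(trace).values())
```
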


