Hi all, I have been using Anomy Sanitizer 1.69 for some time
with an apparently working configuration.
I use two rules, the first rule blocks all attachments
with dangerous extensions (exe, com, etc), the second
rule scans all attachments using an antivirus,
so all attachments that aren't blocked are scanned.
My rules:
----------------------------------------------------------------------
file_list_1 = (?i)\.(com|exe|etc)$
file_list_1_scanner = 0
file_list_1_policy = save
file_list_2 = (?i)(.*)$
file_list_2_scanner = 0:1:2:/usr/local/bin/av-wrapper.sh %FILENAME
file_list_2_policy = accept:save:save:save
file_default_policy = accept
----------------------------------------------------------------------
Apparently this works fine, but today, trying testvirus.org,
two tests failed, test4 and test19.
After experimenting a lot, I discovered that Anomy doesn't like: "file_list_2 = (?i)(.*)$"
for some reason this rule prevents the first rule "file_list_1 = (?i)\.(com|exe|etc)$"
from working as expected.
Changing file_list_2 to something like "(?i)(foo)$" will make file_list_1 work and
detect the viruses on test4 and test19.
A simpler example will be:
-------------------------------------
file_list_rules = 1
file_list_1 = (?i)\.(.*)$
file_list_1_scanner = 0
file_list_1_policy = save
-------------------------------------
With this configuration Anomy will fail to catch the correct
attachments on test4 and test19; it will detect neither the correct attachment nor
the correct attachment name.
Any help would be appreciated.