anomy-list

weird problems

From: Luis Miguel (135551@xyz.molar.is)
Date: Wed 29 Dec 2004 - 22:37:21 GMT

    Hi all, I have been using anomy sanitizer 1.69 for some time
    with an apparently working configuration.

    I use two rules: the first rule blocks all attachments
    with dangerous extensions (exe, com, etc.); the second
    rule scans all attachments using an antivirus,
    so all attachments that aren't blocked are scanned.

    My rules:
    ----------------------------------------------------------------------
    file_list_1 = (?i)\.(com|exe|etc)$
    file_list_1_scanner = 0
    file_list_1_policy = save

    file_list_2 = (?i)(.*)$
    file_list_2_scanner = 0:1:2:/usr/local/bin/av-wrapper.sh %FILENAME
    file_list_2_policy = accept:save:save:save

    file_default_policy = accept
    ----------------------------------------------------------------------

    Apparently this works fine, but today, trying testvirus.org,
    two tests failed: test4 and test19.

    After experimenting a lot, I discovered that anomy doesn't like: "file_list_2 = (?i)(.*)$"
    For some reason this rule prevents the first rule "file_list_1 = (?i)\.(com|exe|etc)$"
    from working as expected.
    Changing file_list_2 to something like "(?i)(foo)$" will make file_list_1 work and
    detect the viruses on test4 and test19.

    A simpler example would be:
    -------------------------------------
    file_list_rules = 1
    file_list_1 = (?i)\.(.*)$
    file_list_1_scanner = 0
    file_list_1_policy = save
    -------------------------------------
    With this configuration Anomy will fail to catch the correct
    attachments on test4 and test19; it will detect neither the correct attachment nor
    the correct attachment name.

    Any help would be appreciated.
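
Added example, not part of the original post and not Anomy's own code: a small Python check of which of the posted patterns claims a given attachment name, assuming rules are tried in numeric order and the first match wins, as the post describes. The file names are constructed samples (not the testvirus.org messages), and Python's `re` stands in for the Perl regex engine Anomy uses.

```python
import re

# Patterns and policies copied from the post; list order = rule order.
RULES = [
    ("file_list_1", r"(?i)\.(com|exe|etc)$", "save"),
    ("file_list_2", r"(?i)(.*)$", "accept:save:save:save"),
]
# The single-rule configuration from the "simpler example".
SIMPLE_RULES = [("file_list_1", r"(?i)\.(.*)$", "save")]
DEFAULT = ("file_default_policy", "accept")


def first_match(filename, rules=RULES):
    """Return (rule, policy) for the first pattern that matches the name."""
    for name, pattern, policy in rules:
        if re.search(pattern, filename):
            return name, policy
    return DEFAULT


def matching_rules(filename, rules=RULES):
    """List every rule whose pattern matches, to expose overlapping rules."""
    return [name for name, pattern, _ in rules if re.search(pattern, filename)]


def captured(filename, pattern):
    """Text captured by the pattern's first group, or None if no match."""
    m = re.search(pattern, filename)
    return m.group(1) if m else None


# Constructed sample attachment names.
SAMPLES = ["report.pdf", "setup.EXE", "invoice.pdf.exe", "photo.exe.txt", "README", ""]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:20} first={first_match(name)} all={matching_rules(name)}")
        print(f"{'':20} simple={first_match(name, SIMPLE_RULES)}")
```

With these inputs the patterns themselves order as intended, so a mismatch in practice points at the file name the sanitizer extracts from the message rather than at the regex syntax; comparing the name it logs with the name the mail client shows is the next check.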


