anomy-list

Re: weird problems

From: Luis Miguel R. (135641@xyz.molar.is)
Date: Thu 30 Dec 2004 - 13:01:02 GMT

    On Wednesday, 29 December 2004 at 03:07:11, Atom Powers wrote:
    >
    > This is my "catch everything" rule, and it has been working for me:
    >
    > file_list_3 = ^[^\.]+$
    >
    > As far as I can remember, these are just Perl regular expressions, but Anomy
    > does something weird with them when it reads them, so you may have to do some
    > experimenting.
    >

    Problematic tests: test4 with eicar.com, test19 with eicar.zip
    A non-problematic test: test1 with eicar.com
    (tests at www.testvirus.org)

    ----------------------
    file_list_rules = 1
    file_list_1 = ^[^\.]+$
    file_list_1_scanner = 0
    file_list_1_policy = save
    ----------------------
    Anomy doesn't detect the attachments at all, even test1

    ----------------------
    file_list_rules = 1
    file_list_1 = (?i)\.(.*)$
    file_list_1_scanner = 0
    file_list_1_policy = save
    ----------------------
    Anomy detects the wrong attachments on test4 and test19 but works fine with test1

    ----------------------
    file_list_rules = 1
    file_list_1 = (?i)\.(com|zip)$
    file_list_1_scanner = 0
    file_list_1_policy = save
    ----------------------
    Anomy detects the correct attachments on all tests.

    ---------------------
    file_list_rules = 2
    file_list_1 = (?i)\.(com|zip)$
    file_list_1_scanner = 0
    file_list_1_policy = save
    file_list_2 = (?i)\.(.*)$
    file_list_2_scanner = 0
    file_list_2_policy = save
    ---------------------
    Anomy detects the correct attachments on all tests.

    ---------------------
    file_list_1 = (?i)\.(foo|bar)$
    file_list_1_scanner = 0
    file_list_1_policy = save
    file_list_2 = (?i)\.(.*)$
    file_list_2_scanner = 0
    file_list_2_policy = save
    ---------------------
    Anomy detects the wrong attachments on test4 and test19 but works fine with test1

    It seems that Anomy, on tests 4 and 19, can't detect the correct attachments
    when the attachment extension isn't explicitly used ("(com|zip)") in one rule and
    the attachment has to be caught by the "catch all" rule.

    Is Anomy currently maintained? I have sent mail to the developer with no response.

    Greets.
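
An added example (not part of the original message, and not Anomy's own code): a small Python harness that evaluates two of the posted `file_list` rule sets against constructed filenames, to separate what the regular expressions themselves match from how Anomy extracts attachment names. It assumes rules are tried in numeric order with the first match winning, and that Python's `re` treats these patterns the way Perl does; the function names and filenames are constructed.

```python
import re

# Rule sets copied from the message; the filenames further down are constructed.
NO_DOT_ONLY = r"""
file_list_rules = 1
file_list_1 = ^[^\.]+$
file_list_1_policy = save
"""
FOO_BAR_THEN_ANY = r"""
file_list_1 = (?i)\.(foo|bar)$
file_list_1_policy = save
file_list_2 = (?i)\.(.*)$
file_list_2_policy = save
"""

def parse_rules(conf_text):
    """Return [(number, compiled_regex, policy)] for file_list_1, file_list_2, ..."""
    settings = {}
    for line in conf_text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    rules, n = [], 1
    # This sketch ignores file_list_rules and the _scanner setting.
    while f"file_list_{n}" in settings:
        policy = settings.get(f"file_list_{n}_policy", "")
        rules.append((n, re.compile(settings[f"file_list_{n}"]), policy))
        n += 1
    return rules

def first_match(conf_text, filename):
    """Number of the first rule matching filename, or None (assumed first-match-wins)."""
    for number, pattern, _policy in parse_rules(conf_text):
        if pattern.search(filename):
            return number
    return None

def report(conf_text, filenames):
    """Map each filename to the rule number that would claim it."""
    return {name: first_match(conf_text, name) for name in filenames}

if __name__ == "__main__":
    names = ["eicar.com", "eicar.zip", "EICAR.COM", "notes.bar", "README"]
    print("no-dot rule:     ", report(NO_DOT_ONLY, names))
    print("foo|bar then any:", report(FOO_BAR_THEN_ANY, names))
```

Run as a script, it prints the rule number that claims each name; `None` means no pattern in that rule set matched the name.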


