El miércoles, 29 diciembre del 2004 a las 03:07:11, Atom Powers escribió:
>
> This is my "catch everything" rule, and it has been working for me:
>
> file_list_3 = ^[^\.]+$
>
> As far as I can remember, these are just Perl regular expressions, but Anomy
> does something weird with them when it reads them, so you mad have to do some
> experimenting.
>
Problematic tests: test4 with eicar.com, test19 with eicar.zip
A non problematic test: test1 with eicar.com
(tests at www.testvirus.org)
----------------------
file_list_rules = 1
file_list_1 = ^[^\.]+$
file_list_1_scanner = 0
file_list_1_policy = save
----------------------
Anomy dont detect the attachments at all, even test1
----------------------
file_list_rules = 1
file_list_1 = (?i)\.(.*)$
file_list_1_scanner = 0
file_list_1_policy = save
----------------------
Anomy detect the wrong attachments on test4 and test19 but works fine with test1
----------------------
file_list_rules = 1
file_list_1 = (?i)\.(com|zip)$
file_list_1_scanner = 0
file_list_1_policy = save
----------------------
Anomy detect the correct attachments on all tests.
---------------------
file_list_rules = 2
file_list_1 = (?i)\.(com|zip)$
file_list_1_scanner = 0
file_list_1_policy = save
file_list_2 = (?i)\.(.*)$
file_list_2_scanner = 0
file_list_2_policy = save
---------------------
Anomy detect the correct attachments on all tests.
---------------------
file_list_1 = (?i)\.(foo|bar)$
file_list_1_scanner = 0
file_list_1_policy = save
file_list_2 = (?i)\.(.*)$
file_list_2_scanner = 0
file_list_2_policy = save
---------------------
Anomy detect the wrong attachments on test4 and test19 but works fine with test1
Seems that anomy, on test 4 and 19, cant detect the correct attachments
when the attachment extension isnt explicity used "(com|zip)" on one rule and
the attachment have to be catched by the "catch all" rule.
Is Anomy currently maintained?, I have sended mail to the developer with no response ..
Greets.