anomy-list

RE: weird problems

From: Atom Powers (135821@xyz.molar.is)
Date: Thu 30 Dec 2004 - 15:44:11 GMT


 
What is your test script? Are you piping mail w/ attachments into Anomy or
are you running it through procmail or some other mail filter.

It looks like the last update to Anomy (in the FreeBSD ports collection) was
9 months ago to 1.66, but it *is* the holidays so I wouldn't expect an answer
from anybody until mid-January.

But now that I'm looking more closely at my conf file, I have no idea where I
got that filter rule I sent before. All the filters in my current, working
config look something like this:

File_list_1 = (?i)\.
File_list_1 += ( <list of extensions>
File_list_1 += )\s*$

So you might try something like
File_list_1 = (?i)\.(.*)\s*$

----
Perfection is just a word I use occasionally with mustard.

Atom Powers Systems Administrator Pyramid Breweries Inc. 206.682.8322 -----Original Message----- From: Luis Miguel [mailto:135865@xyz.molar.is] Sent: Thursday, December 30, 2004 6:38 AM To: 135904@xyz.molar.is Subject: Re: [anomy-list]: weird problems

El jueves, 30 diciembre del 2004 a las 02:01:02, Luis Miguel R. escribió: > El miércoles, 29 diciembre del 2004 a las 03:07:11, Atom Powers escribió: > > > > This is my "catch everything" rule, and it has been working for me: > > > > file_list_3 = ^[^\.]+$ > > > > As far as I can remember, these are just Perl regular expressions, > > but Anomy does something weird with them when it reads them, so you > > mad have to do some experimenting. > > > > Problematic tests: test4 with eicar.com, test19 with eicar.zip A non > problematic test: test1 with eicar.com (tests at www.testvirus.org)

Other way to make test 4 and 19 fail:

---------------------- file_list_rules = 1 file_list_1 = (?i)\.(com|zip)$ file_list_1_scanner = 0 file_list_1_policy = save ---------------------- Anomy detect the correct attachments on all tests.

But adding "txt" ---------------------- file_list_rules = 1 file_list_1 = (?i)\.(txt|com|zip)$ file_list_1_scanner = 0 file_list_1_policy = save ---------------------- Anomy fails to detect the correct attachments on tests 4 and 19, but works fine on test1

Regards.



hosted by molar.is