anomy-list

Re: Unexpected defanging of jpg images.

From: 145877@xyz.molar.is
Date: Tue 24 Apr 2007 - 16:22:40 GMT

  • Next message: Paolo: "Re: Unexpected defanging of jpg images."

    Is your file_list_1 set to defang? The problem could be there.

    -- Robert Litman

    Jeremy A <145783@xyz.molar.is>
    04/24/2007 11:59 AM

     
            To: 145826@xyz.molar.is
            cc:
            Subject: [anomy-list]: Unexpected defanging of jpg images.

    Hello,

    I have a problem with anomy tools version 1.76

    Using the following configuration segment .jpg files are being defanged
    as shown below. As far as I can see, this should not happen.

    Have I configured it incorrectly? or is there some other problem?

    The system with the problem is fully patched Centos 4.4 (RHEL 4.4)

    # Allow known "safe" file types and those that will be
    # scanned by the user's desktop virus scanner:
    file_list_2 = (?i)\.
    # Word processor and document formats:
    file_list_2 += (doc|dot|txt|rtf|pdf|sxw|e?ps|htm|[sp]?html?
    # Spreadsheets:
    file_list_2 += |xls|xlw|xlt|csv|sxc|wk[1-4]
    # Presentation applications:
    file_list_2 += |ppt|pps|pot|sxi
    # Bitmap graphic files:
    file_list_2 += |jpe?g|gif|png|tiff?|bmp|psd|pcx
    # Vector graphics and diagramming:
    file_list_2 += |vsd|drw|cdr|ai
    # Multimedia:
    file_list_2 += |mp3|avi|mpe?g|mov|qtw|ram?|ogg
    # address cards
    file_list_2 += |vcf
    # Archives:
    file_list_2 += |zip|g?z|tgz|bz2|tar
    # Source code:
    file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
    file_list_2_policy = accept
    file_list_2_scanner = 0

    unmodified file via server without anomy tools

    ------=_NextPart_000_0182_01C786C5.023C6420
    Content-Type: multipart/appledouble;
                     boundary="----=_NextPart_001_0185_01C786C5.023C6420"

    ------=_NextPart_001_0185_01C786C5.023C6420
    Content-Type: application/applefile;
                     name="Odyssey_OurPeopleAdd.jpg"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
                     filename="Odyssey_OurPeopleAdd.jpg"

    AAUWBwACAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAADAAAAVgAAABgAAAAIAAAAlgAAABAAAAAJAAAA
    pgAAACAAAAAKAAAAxgAAAAQAAAACAAAAygAAtZVPZHlzc2V5X091clBlb3BsZUFkZC5qcGcAAAAA

    DEFANGED file via server running anomy tools

    --MIMEStream=_0+275927_2941825512992_0163557118
    Content-Type: multipart/appledouble;
    boundary="MIMEStream=_1+203016_7919987929293_10848136766"

    --MIMEStream=_1+203016_7919987929293_10848136766
    Content-Type: application/DEFANGED-2059;
    name="Odyssey_OurPeopleAdd_jpg.DEFANGED-2059"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="Odyssey_OurPeopleAdd_jpg.DEFANGED-2059"

    AAUWBwACAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAADAAAAVgAAABgAAAAIAAAAlgAAABAAAAAJAAAA
    pgAAACAAAAAKAAAAxgAAAAQAAAACAAAAygAAtZVPZHlzc2V5X091clBlb3BsZUFkZC5qcGcAAAAA

    Attachments:

    hosted by molar.is