# Example configuration file for Anomy Sanitizer
#
# Thiemo Kellner, thiemo@thiam.ch, 2003-05-29
# Based on http://advosys.ca/papers/postfix-filtering.html,
# Advosys Consulting Inc., Ottawa
#
# Works with Anomy Sanitizer revision 1.60
#
# Logging and reporting
#
# Warn user about unscanned parts, etc.
feat_verbose = 1

# Inline logs: 0 = Off, 1 = Maybe, 2 = Force
feat_log_inline = 1

# Print log to standard error: 0 = Off, 1 = On
feat_log_stderr = 1

# Don't use XML format for logs.
feat_log_xml = 0

# Omit trace info from logs.
feat_log_trace = 0

# Don't add any scratch space to part headers.
feat_log_after = 0
#
# Sanitizing features
#
# Enable filename-based policy decisions (presumably what activates the
# file_list_* rules further down - verify).
feat_files = 1

# Force all parts (except text/plain and
# text/html parts) to have file names: 0 = Off, 1 = On
feat_force_name = 1

# Replace all boundary strings with our own (0 = off, as set here).
# NOTE: Always breaks PGP/MIME messages!
feat_boundaries = 0

# Protect against buffer overflows and null values.
feat_lengths = 1

# Defang incoming shell scripts.
feat_scripts = 1

# Defang active HTML content.
feat_html = 1

# Web-bugs are allowed.
# NOTE(review): web bugs are remote resources in HTML mail that tell the
# sender when a message was opened. Presumably 1 defangs them - confirm in
# the Anomy documentation if recipient tracking is a concern.
feat_webbugs = 0

# PGP-signed message parts. The original note read
# "0 = Don't scan (???)", i.e. the author was unsure of the meaning.
# NOTE(review): the key name suggests 0 means signed parts are NOT trusted
# and are therefore still sanitized - confirm before relying on it.
feat_trust_pgp = 0
# Presumably the text placed ahead of content passed through unscanned - verify.
msg_pgp_warning = WARNING: Unsanitized content follows.\n

# Sanitize inline uuencoded files.
feat_uuencoded = 1

# Sanitize forwarded messages
feat_forwards = 1

# Set to 0 if going productive (This isn't a test-case configuration.)
# NOTE(review): still 1 in this example; what testing mode changes is not
# visible here, so check it before deploying.
feat_testing = 1

# Fix invalid MIME, if possible.
feat_fixmime = 1

# Don't be excessively paranoid about MIME headers etc.
feat_paranoid = 0
#
# Advertisement to insert in each mail header:
# header_url and header_rev are 0 here; presumably this keeps the project
# URL and the sanitizer revision out of the header - verify.
header_info = X-Sanitizer: Anomy Sanitizer mail filter
header_url = 0
header_rev = 0
#
# Scoring
#

# Any message requiring this many modifications
# will cause the sanitizer to return a non-zero
# exit code after processing the entire message.
# To disable set to 0.
score_bad = 100
#score_panic = 0

# Text shown to the recipient in place of a dropped attachment.
# NOTE(review): it advises re-sending inside a zip or tgz archive, and
# file_list_3 below accepts archives with no scanner, so content re-sent
# that way is not inspected by this configuration.
msg_file_drop = \n*****\n
msg_file_drop += NOTE: An attachment named %FILENAME was deleted from
msg_file_drop += this message because it contained a (windows) executable
msg_file_drop += or other potentially dangerous file type.
msg_file_drop += If you really need this attachment, have it re-sent
msg_file_drop += encapsulated, e.g. in a zip or tgz archive or contact your
msg_file_drop += mail system administrator.
#
# You may need to increase the following if you have a very
# complex configuration split between multiple files.
#
# Thiemo Kellner, thiemo@thiam.ch, 2003-05-31
# max_conf_recursions does not work with 1.60
#max_conf_recursions = 5 # The default is 5.
#
# Create temporary or saved files using this template.
# An attachment named "dude.txt" might be saved as
#
# /var/quarantine/att-dude-txt.A9Y
#
# (the example path above uses /var/quarantine; the template actually set
# below writes to /var/spool/sanitizer)
#
# Note: The directory must exist and be writable by
# the user running the sanitizer.
# Saved attachments are the ones judged suspicious, so keep the directory
# readable only by that user and the mail administrators.
# (supposedly: $F -> file name, $$$ -> three arbitrary characters)
file_name_tpl = /var/spool/sanitizer/att-$F.$$$
#
# We have three policies (file_list_1 .. file_list_3), in addition to
# the default which is to defang file names.
#
file_list_rules = 3
file_default_policy = defang
# Presumably the name given to parts that arrive without one - verify.
file_default_filename = unnamed.file
#
# Delete obviously executable attachments. This list is
# incomplete! This is a perl regular expression, see "man
# perlre" for info. The (?i) prefix makes the regexp case
# insensitive.
#
# The extension alternatives are anchored with $, so only the final
# extension counts. The "winmail.dat" alternative is not anchored and its
# dot is unescaped, so it matches anywhere in a name; with a drop policy
# that only makes the rule stricter.
# Extensions missing from this list are not dropped; unless a later list
# matches them they get the default policy (defang).
file_list_1 = (?i)(winmail.dat)|
file_list_1 += (\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct
file_list_1 += |inf|asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
file_list_1_policy = drop
# 0 = presumably "no scanner, apply the policy directly" - verify.
file_list_1_scanner = 0
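#
# Scan WinWord and Excel attachments with built-in macro scanner.
# We consider anything exceeding the score of 25 to be dangerous,
# and save it in the quarantine.
#
# The scanner line holds three exit-code groups (0, 1, 2) followed by the
# scanner command; the four policies apply to those groups in order, the
# fourth to any other result.
file_list_2 = (?i)\.(doc|dot|xls|xlw)$
file_list_2_policy = accept:accept:save:save
# NOTE(review): this line used to end in "25# Do not log to STDERR:" with
# no space before the "#". That stray text is kept out of the value so the
# macro threshold is read as plain 25.
file_list_2_scanner = 0:1:2:builtin/macro 25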
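#
# Allow file types considered "safe" (DO NOT JUST TRUST THIS LIST!)
# Everything matched here is accepted with no scanner
# (file_list_3_scanner = 0), including archives, HTML and office formats
# whose contents can still be harmful.
# doc|dot|xls|xlw are also matched by file_list_2; presumably the
# lower-numbered list is applied first - verify the rule order.
file_list_3 = (?i)\.(
# Plain ASCII formats:
file_list_3 += txt|rtf|csv|dxf|htm|[sp]?html?|xml|xslt?|dtd|css|sgml
# PostScript (like) formats:
file_list_3 += |pdf|e?ps
# Word processor and document formats:
file_list_3 += |doc|dot|kwd|stw
# Spreadsheets:
file_list_3 += |xls|xlw|xlt|wk[1-4]|stc|ksp|gnumeric
# Presentation applications:
file_list_3 += |ppt|pps|pot|kpr|chrt
# Type setting formats:
file_list_3 += |dvi|texi?|tfm|txi|texinfo
# Flow charting:
file_list_3 += |flw
# Bitmap graphic files (maybe some are actually vector graphic formats):
file_list_3 += |jpe?g|gif|png|tiff?|bmp|psd|pcx|xcf|pat|pix|pnm|sgi|snp|ras|tga
file_list_3 += |xwd|xpm|dib|rle|cal|cas|pat|bmf|cel|cex|cgm|ico|img|jfi|jif|raw
file_list_3 += |crw|sun
# Vector graphics and diagramming:
file_list_3 += |vsd|drw|cdr|swf|pct|pict|kpm|kon
# Multimedia:
file_list_3 += |mp[23]|avi|mpe?g|mov|ram?|midi?|ogg|aiff?|au|snd|wav
# Archives:
file_list_3 += |zip|g?z|rar|tgz|t?bz2|tar|sit|sea|arc
# Package formats:
file_list_3 += |rpm|deb
# Others:
file_list_3 += |kfo
# Source code:
# The trailing $ anchors the match to the end of the file name, as in
# file_list_1 and file_list_2. Without it a name with a listed extension
# in the middle (e.g. "notes.txt.xyz") would be accepted here instead of
# falling through to the default defang policy.
file_list_3 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas|ebuild)$
file_list_3_policy = accept
file_list_3_scanner = 0

# Any file type not listed above gets renamed to prevent
# the mail client from auto-executing it.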
#
# More sample file lists
#
# Scan mp3 files for Evil Viruses, using the imaginary mp3virscan
# utility. Always define FOUR potential policies, which depend on the
# exit code returned by the scanner. Which code means what is
# defined in the scanner line, which must contain THREE entries.
# The fourth policy is used for "anything else".
#
# "accept" if the file is clean (exit status 0 or 1)
# "mangle" if the file was dirty, but is now clean (2 or 4)
# "drop" if the file is still dirty (66)
# "save" if the mp3virscan utility returns some other exit code
# or an error occurs.
#
# NOTE(review): %FILENAME is placed on the scanner's command line; confirm
# how the sanitizer builds that name before pointing it at a shell script.
#
#file_list_4 = (?i)\.(mp3|mp2|mpg)$
#file_list_4_policy = accept:mangle:drop:save
#file_list_4_scanner = 0,1:2,4:66:/path/to/mp3virscan -opt -f %FILENAME
#
# Archives and scriptable stuff - virus scan these.
# NOTE: There must be THREE groups of exit codes and FOUR policies,
# - the first three match the code groups, the fourth is default.
#
#file_list_5_scanner = 0:5:3,4:/usr/local/bin/avp.sh %FILENAME
#file_list_5_policy = accept:accept:save:save
#file_list_5 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?
#file_list_5 += |class|upd|wp\d?|m?db
#file_list_5 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
#file_list_5 += )(\.g?z|\.bz\d?)*$