| # Example configuration file for Anomy Sanitizer |
| # |
| # Thiemo Kellner, thiemo@thiam.ch, 2003-05-29 |
| # Based on http://advosys.ca/papers/postfix-filtering.html, |
| # Advosys Consulting Inc., Ottawa |
| # |
| # Works with Anomy Sanitizer revision 1.60 |
| |
| |
| # Warn user about unscanned parts, etc. |
| feat_verbose = 1 |
| |
| # Inline logs: 0 = Off, 1 = Maybe, 2 = Force |
| feat_log_inline = 1 |
| |
| # Print log to standard error: 0 = Off, 1 = On |
| feat_log_stderr = 1 |
| |
| # Don't use XML format for logs. |
| feat_log_xml = 0 |
| |
| # Omit trace info from logs. |
| feat_log_trace = 0 |
| |
| # Don't add any scratch space to part headers. |
| feat_log_after = 0 |
| |
| # Enable filename-based policy decisions. |
| feat_files = 1 |
| |
| # Force all parts (except text/plain and |
| # text/html parts) to have file names: 0 = Off, 1 = On |
| feat_force_name = 1 |
| |
| # Replace all boundary strings with our own |
| # NOTE: Always breaks PGP/MIME messages! |
| feat_boundaries = 0 |
| |
| # Protect against buffer overflows and null values. |
| feat_lengths = 1 |
| |
| # Defang incoming shell scripts. |
| feat_scripts = 1 |
| |
| # Defang active HTML content. |
| feat_html = 1 |
| |
| # Web-bugs are allowed. |
| feat_webbugs = 0 |
| |
| # Don't scan PGP signed message parts: 0 = Don't scan (???) |
| feat_trust_pgp = 0 |
| msg_pgp_warning = WARNING: Unsanitized content follows.\n |
| |
| # Sanitize inline uuencoded files. |
| feat_uuencoded = 1 |
| |
| # Sanitize forwarded messages |
| feat_forwards = 1 |
| |
| # Set to 0 if going productive (This isn't a test-case configuration.) |
| feat_testing = 1 |
| |
| # Fix invalid MIME, if possible. |
| feat_fixmime = 1 |
| |
| # Don't be excessively paranoid about MIME headers etc. |
| feat_paranoid = 0 |
| |
| # Advertisement to insert in each mail header: |
| header_info = X-Sanitizer: Anomy Sanitizer mail filter |
| header_url = 0 |
| header_rev = 0 |
| |
| |
| # |
| # Scoring |
| # |
| |
| # Any message requring this many modifications |
| # will cause the sanitizer to return a non-zero |
| # exit code after processing the entire message. |
| # To disable set to 0. |
| score_bad = 100 |
| #score_panic = 0 |
| |
| msg_file_drop = \n*****\n |
| msg_file_drop += NOTE: An attachment named %FILENAME was deleted from |
| msg_file_drop += this message because it contained a (windows) executable |
| msg_file_drop += or other potentially dangerous file type. |
| msg_file_drop += If you really need this attachment, have it re-sent |
| msg_file_drop += encapsulated, e.g. in a zip or tgz archive or contact your |
| msg_file_drop += mail system administrator. |
| |
| # |
| # You may need to increase the following if you have a very |
| # complex configuration split between multiple files. |
| # |
| # Thiemo Kellner, thiemo@thiam.ch, 2003-05-31 |
| # max_conf_recursions does not work with 1.60 |
| #max_conf_recursions = 5 # The default is 5. |
| # |
| # Create temporary or saved files using this template. |
| # An attachment named "dude.txt" might be saved as |
| # |
| # /var/quarantine/att-dude-txt.A9Y |
| # |
| # Note: The directory must exist and be writable by |
| # the user running the sanitizer. |
| # (supposedly: $F -> file name, $$$ -> three arbitrary characters) |
| file_name_tpl = /var/spool/sanitizer/att-$F.$$$ |
| |
| # We have three policies, in addition to the default which is |
| # to defang file names. |
| # |
| file_list_rules = 3 |
| file_default_policy = defang |
| file_default_filename = unnamed.file |
| |
| # Delete obviously executable attachments. This list is |
| # incomplete! This is a perl regular expression, see "man |
| # perlre" for info. The (?i) prefix makes the regexp case |
| # insensitive. |
| # |
| file_list_1 = (?i)(winmail.dat)| |
| file_list_1 += (\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct |
| file_list_1 += |inf|asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$ |
| file_list_1_policy = drop |
| file_list_1_scanner = 0 |
| |
| # Scan WinWord and Excel attachments with built-in macro scanner. |
| # We consider anything exceeding the score of 25 to be dangerous, |
| # and save it in the quarantine. |
| # |
| file_list_2 = (?i)\.(doc|dot|xls|xlw)$ |
| file_list_2_policy = accept:accept:save:save |
| file_list_2_scanner = 0:1:2:builtin/macro 25# Do not log to STDERR: |
| |
| # Allow file types considered "safe" (DO NOT JUST TRUST THIS LIST!) |
| file_list_3 = (?i)\.( |
| # Plain ASCII formats: |
| file_list_3 += txt|rtf|csv|dxf|htm|[sp]?html?|xml|xslt?|dtd|css|sgml |
| # PostScript (like) formats: |
| file_list_3 += |pdf|e?ps |
| # Word processor and document formats: |
| file_list_3 += |doc|dot|kwd|stw |
| # Spreadsheets: |
| file_list_3 += |xls|xlw|xlt|wk[1-4]|stc|ksp|gnumeric |
| # Presentation applications: |
| file_list_3 += |ppt|pps|pot|kpr|chrt |
| # Type setting formats: |
| file_list_3 += |dvi|texi?|tfm|txi|texinfo |
| # Flow charting: |
| file_list_3 += |flw |
| # Bitmap graphic files (maybe some are actually vector graphic formats): |
| file_list_3 += |jpe?g|gif|png|tiff?|bmp|psd|pcx|xcf|pat|pix|pnm|sgi|snp|ras|tga |
| file_list_3 += |xwd|xpm|dib|rle|cal|cas|pat|bmf|cel|cex|cgm|ico|img|jfi|jif|raw |
| file_list_3 += |crw|sun |
| # Vector graphics and diagramming: |
| file_list_3 += |vsd|drw|cdr|swf|pct|pict|kpm|kon |
| # Multimedia: |
| file_list_3 += |mp[23]|avi|mpe?g|mov|ram?|midi?|ogg|aiff?|au|snd|wav |
| # Archives: |
| file_list_3 += |zip|g?z|rar|tgz|t?bz2|tar|sit|sea|arc |
| # Package formats: |
| file_list_3 += |rpm|deb |
| # Others: |
| file_list_3 += |kfo |
| # Source code: |
| file_list_3 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas|ebuild) |
| file_list_3_policy = accept |
| file_list_3_scanner = 0 |
| |
| # Any file type not listed above gets renamed to prevent |
| # the mail client from auto-executing it. |
| |
| # |
| # More sample file lists |
| # |
| # Scan mp3 files for Evil Viruses, using the imaginary mp3virscan |
| # utility. Always define FOUR potential policies, which depend on the |
| # exit code returned by the scanner. Which code means what is |
| # defined in the scanner line, which must contain THREE entries. |
| # The fourth policy is used for "anything else". |
| # |
| # "accept" if the file is clean (exit status 0 or 1) |
| # "mangle" if the file was dirty, but is now clean (2 or 4) |
| # "drop" if the file is still dirty (66) |
| # "save" if the mp3virscan utility returns some other exit code |
| # or an error occurs. |
| # |
| #file_list_4 = (?i)\.(mp3|mp2|mpg)$ |
| #file_list_4_policy = accept:mangle:drop:save |
| #file_list_4_scanner = 0,1:2,4:66:/path/to/mp3virscan -opt -f %FILENAME |
| |
| # Archives and scriptable stuff - virus scan these. |
| # NOTE: There must be THREE groups of exit codes and FOUR policies, |
| # - the first three match the code groups, the fourth is default. |
| # |
| #file_list_5_scanner = 0:5:3,4:/usr/local/bin/avp.sh %FILENAME |
| #file_list_5_policy = accept:accept:save:save |
| #file_list_5 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html? |
| #file_list_5 += |class|upd|wp\d?|m?db |
| #file_list_5 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz |
| #file_list_5 += )(\.g?z|\.bz\d?)*$ |
| |
| |