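# Configuration file for Anomy Sanitizer
#
# Based on a file from Advosys Consulting Inc., Ottawa
# http://advosys.ca/papers/postfix-filtering.html
#
# Works with Anomy Sanitizer revision 1.60
#
# Doctored by Robin Whittle http://www.firstpr.com.au/web-mail/
#
# All config items are set explicitly, with their defaults marked "*",
# as per http://mailtools.anomy.net/sanitizer.html on 2003-05-31.
#
# Format notes for this file:
#   - "#" starts a full-line comment; there are no inline comments.
#   - "key += value" appends to the value already set for that key
#     (used below to build long messages and regular expressions
#     across several lines).
#   - The "\n" sequences in msg_* and header_info values are written
#     literally, as in the upstream examples.

# Warn user about unscanned parts, etc.
#   0 Don't warn.
# * 1 Warn.
#
feat_verbose = 1

# Insert log in the message itself.
#   0 Off.
# * 1 Maybe.
#   2 Force.
#
feat_log_inline = 0

# Log to STDERR:
#   0 Don't log.
# * 1 Log.
#
feat_log_stderr = 1

# XML format for logs.
# * 0 Off.
#   1 On.
#
feat_log_xml = 0

# Include trace info from logs.
# * 0 Off.
#   1 Include.
#
feat_log_trace = 0

# Add scratch space to part headers.
# * 0 Off.
#   1 Add.
#
feat_log_after = 0

# Enable filename-based policy decisions.
# The file_list_* rules at the end of this file only take effect
# while this is 1.
#   0 Off.
# * 1 Enable.
#
feat_files = 1

# Force all parts (except text/html parts) to have file names.
# * 0 Don't force.
#   1 Force.
#
feat_force_name = 0

# Replace all boundary strings with our own
# NOTE: Always breaks PGP/MIME messages!
# * 0 Off.
#   1 Replace.
#
feat_boundaries = 0

# Protect against buffer overflows and null values.
#   0 Off.
# * 1 Protect.
#
feat_lengths = 1

# Defang incoming shell scripts.
#   0 Off.
# * 1 On.
#
feat_scripts = 1

# Defang active HTML content - Javascript and more.
#   0 Off.
# * 1 Defang.
#
feat_html = 1

# Allow Web-bugs.
# Left at the default here, so tracking images embedded in HTML
# mail are passed through unchanged; set to 1 to have them defanged.
# * 0 Allow.
#   1 Disallow.
#
feat_webbugs = 0

# Scan PGP signed message parts. See custom message below
# (msg_pgp_warning).
# * 0 Don't scan.
#   1 Scan.
#
feat_trust_pgp = 0

# Sanitize inline uuencoded files. Bjarni R. Einarsson wrote:
#   This should always be set to 1, or people will be able to send you
#   uuencoded viruses/attachments and they'll slip by the sanitizer.
#   Also, if this is 0 then uuencoded attachments won't be detected as
#   such, and will instead get treated as text or HTML - and will get
#   corrupted by the HTML cleaner.
#
#   0 Don't sanitize.
# * 1 Sanitize.
#
feat_uuencoded = 1

# Sanitize forwarded messages.
#   0 Don't sanitize.
# * 1 Sanitize.
#
feat_forwards = 1

# This isn't a test-case configuration.
# * 0 Not testing.
#   1 Test case.
#
feat_testing = 0

# Fix invalid MIME, if possible.
#   0 Don't fix.
# * 1 Fix.
#
feat_fixmime = 1

# Paranoia about MIME headers etc.
# * 0 Don't be excessively paranoid.
#   1 ???
#
feat_paranoid = 0

# Scoring and exit status.
# Any message requiring this many modifications
# will cause the sanitizer to return a non-zero
# exit code after processing the entire message.
#
# eg. the default: score_bad = 100
#
# Here, this is disabled: the exit status will not flag heavily
# modified messages, so whatever calls the sanitizer cannot reject
# or quarantine on that basis.
#
score_bad = 0

# Depth of recursion when including config files.
# Default = 5. I left it alone.
#
# max_conf_recursions = 5

# Temp file and quarantine directory. This must exist
# and be writable by the user running the sanitizer.
# Temporary or saved files are created using this template.
#
#   file_name_tpl = /var/quarantine/att-$F-$T.$$$
#
# An attachment named "dude.txt" might be saved as
#
#   /var/quarantine/att-dude-txt.A9Y
#
file_name_tpl = /var/spool/anomy/att-$F-$T.$$$

# Add two lines of informational headers to each message.
#
#   header_info = X-Sanitizer: Gotcha!
#   header_info += \nX-Gotcha: Sanitizer!
#
# Here is my version:
#
header_info = X-Sanitizer: Spam Assassin and Anomy Sanitizer - see http://www.firstpr.com.au/web-mail/.

# Disable these built-in headers:
#
header_url = 0
header_rev = 0

# Message to begin the log.
#
msg_log_prefix = This message has been sanitized - it may have been altered \n
msg_log_prefix += to improve security, as described below. \n

# Define a new, more informative message, for when a file is
# dropped.
#
msg_file_drop = \n*** Attached file dropped ***\n
msg_file_drop += An attachment named %FILENAME was deleted from this \n
msg_file_drop += message because it contained a Windows executable \n
msg_file_drop += or other potentially dangerous file type. \n
msg_file_drop += Contact the system administrator for more information. \n

# Message suitable for not scanning PGP messages.
#
msg_pgp_warning = PGP encrpted content follows and has not been sanitized. \n

# Default policy for attached files which do not match any policy.
# One of:
#   accept = Leave the attachment in the message unchanged.
# * defang = Accept the file but mangle name to make it less dangerous.
#   mangle = Alter the file name completely.
#   save   = Remove from the message, but save in the file_name_tpl directory.
#   drop   = Remove from the message - but a truncated version of the
#            attachment remains.
#
file_default_policy = defang

# See this entry in the CHANGELOG for version 1.60:
#
#   Made the filename checker check ALL possible file names against
#   each rule, instead of just checking the "default" one. If
#   feat_mime_files is set, then the default file-name for that mime
#   type will be checked as well. This is a major improvement to
#   security, but requires that filename rules are ordered so that
#   all DROP/DEFANG/MANGLE rules precede any ACCEPT rules.
#
# The two rules below follow that ordering: rule 1 (drop) comes
# before rule 2 (accept). Keep it that way when adding rules.

# Beyond here no more items have defaults.

# Number of rulesets we are defining.
#
file_list_rules = 2

# Both the following rule sets do not use an external scanner
# program.

#### Rule 1 - Drop (delete) probably nasty attachments.
####
#
# In practice with long virus executables, Anomy passes on to
# the output message a shortened and in some way changed
# version of the file with a different, non executable,
# extension.
#
# The (?i) prefix makes the regexp case insensitive.
# The trailing "$" anchors the extension test to the END of the
# file name.
#
# Note, starting with version 1.56, the following will still
# match file names with spaces such as:
#
#    name=CODE .bat
#
# which are invalid MIME, should not produce a file which
# has an executable extension, but nonetheless are sometimes
# created by the Bugbear virus.
#
# This extension list is a fixed snapshot from 2003; review it
# against the current upstream defaults when upgrading.
#
file_list_1_scanner = 0
file_list_1_policy = drop
file_list_1 = (?i)(winmail.dat)|
file_list_1 += (\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|eml|nws))$

#### Rule 2 - Allow known "safe" file types and those that may be
####          scanned by the user's desktop virus scanner.
####
#
# "accept" leaves the attachment completely unchanged (see
# file_default_policy above), so everything listed here relies on
# the recipient's desktop scanner; that includes document formats
# (doc/dot/xls/xlt/ppt/pps/pot/pdf) and HTML/Flash (htm/html/swf).
#
# The regexp is built up across several "+=" lines; the comment
# lines in between are ignored by the config parser. The closing
# ")$" is essential: without the "$" the rule matches an accepted
# extension ANYWHERE in the name (for example a ".doc" followed by
# a further, unlisted extension), which would accept the file
# outright instead of leaving it to file_default_policy = defang.
# Rule 1 anchors with "$" for the same reason.
#
file_list_2_scanner = 0
file_list_2_policy = accept
file_list_2 = (?i)\.
# Word processor and document formats:
file_list_2 += (doc|dot|txt|rtf|pdf|ps|htm|[sp]?html?
# Spreadsheets:
file_list_2 += |xls|xlw|xlt|csv|wk[1-4]
# Presentation applications:
file_list_2 += |ppt|pps|pot
# Bitmap graphic files:
file_list_2 += |jpe?g|gif|png|tiff?|bmp|psd|pcx|jpg
# Vector graphics and diagramming:
file_list_2 += |vsd|drw|cdr|swf
# Multimedia:
file_list_2 += |mp3|avi|mpe?g|mov|ram?|mid|ogg|vcf
# Archives:
file_list_2 += |zip|g?z|rar|tgz|bz2|tar
# Source code:
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)$

# Any file type not listed above gets renamed to prevent
# MS Outlook from auto-executing it - because, above, we
# have already specified:
#
#    file_default_policy = defang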