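# Do not log to STDERR:
# feat_log_inline and feat_log_xml are also 0 (presumably inline log text in
# the delivered message and XML log formatting -- confirm against the Anomy
# documentation).
# NOTE(review): with these outputs off, this file itself leaves no record of
# what was defanged or quarantined -- confirm the audit trail is captured
# elsewhere.
feat_log_stderr = 0
feat_log_inline = 0
feat_log_xml = 0

# Advertisement to insert in each mail header:
# header_info is the literal header line added to each message; header_url and
# header_rev are switched off (presumably the project URL and revision
# fields -- confirm).
header_info = X-Sanitizer: Anomy Mail Sanitizer
header_url = 0
header_rev = 0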
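# Enable filename based policy decisions
# (presumably what activates the file_list_* rules further down -- confirm):
feat_files = 1

# Protect against buffer overflows and null values:
feat_lengths = 1

# Fix invalid and ambiguous MIME boundaries, if possible:
feat_fixmime = 1

# Trust signed and/or encrypted messages:
# NOTE(review): with this set to 1, PGP-wrapped parts appear to be passed
# through untouched; msg_pgp_warning below announces "Unsanitized content
# follows". Confirm whether the signature is actually verified. If it is not,
# this setting exempts anything that merely looks signed from the attachment
# rules, and 0 is the safer value.
feat_trust_pgp = 1
msg_pgp_warning = WARNING: Unsanitized content follows.\n

# Defang shell scripts:
feat_scripts = 1

# Defang active HTML:
# NOTE(review): set to 0, so active HTML content is not defanged by this
# configuration.
feat_html = 0

# Defang UUEncoded files:
feat_uuencoded = 1

# Sanitize forwarded content too:
feat_forwards = 1

# Testing?  Set to 1 for testing, 0 for production:
feat_testing = 0

# Warn user about unscanned parts, etc.
feat_verbose = 1

# Force all parts (except text/html parts) to
# have file names.
feat_force_name = 1

# Disable web bugs:
# NOTE(review): feat_html is 0 in this file; confirm that web-bug handling
# still runs when HTML defanging is off.
feat_webbugs = 1

# Disable "score" based mail discarding:
# both thresholds are 0, so no message is discarded on score alone.
score_panic = 0
score_bad = 0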
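# Define message for dropped files.
# %FILENAME is a placeholder for the attachment name; each "+=" line appends
# to the value built so far.
# NOTE(review): the file_list_* policies in this file are save, accept and
# defang; none is "drop". Confirm whether this text is ever shown, and which
# msg_* key the "save" (quarantine) policy uses, since the wording here says
# the attachment "was deleted".

msg_file_drop  = \n*****\n
msg_file_drop += NOTE: An attachment named %FILENAME was deleted from this message\n
msg_file_drop += because it contained a windows executable or other potentially\n
msg_file_drop += dangerous file type.\n\n
msg_file_drop += Contact the system administrator for more information.\n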
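##
## File attachment name mangling rules:
##

# Specify the Anomy temp file and quarantine directory.
# $F, $T and $$ are template placeholders (presumably a form of the attachment
# name, a timestamp and the process id -- confirm).
# NOTE(review): files written here may be live malware. The directory should
# be writable only by the account the sanitizer runs as, and should not be
# served, indexed or auto-opened by any other service.
file_name_tpl = /var/opt/anomy/quarantine/att-$F-$T.$$

# Number of rulesets we are defining (file_list_1 through file_list_4).
# NOTE(review): the comments on the rules read as if they are tried in numeric
# order with the first match deciding -- confirm, because several extensions
# appear in more than one list.
file_list_rules = 4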
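# Quarantine dangerous attachments:
# policy "save" with scanner 0, i.e. no external scanner is configured for
# this rule. The pattern is case-insensitive and matches any name containing
# winmail.dat, or ending in one of the listed extensions. The "+=" lines
# continue the same regular expression.
# NOTE(review): the "." in winmail.dat is unescaped and that alternative is
# not anchored, so it matches a little more than the literal file name. This
# only widens the quarantine.
# NOTE(review): this is a deny-list. Extensions that are not listed (for
# example .js or .jar) fall through to the later rules, so review the list
# against the file types your mail clients will execute.
file_list_1 = (?i)(winmail.dat)|
file_list_1 += (\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
file_list_1_policy = save
file_list_1_scanner = 0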
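# Allow through some safe file types:
# policy "accept" with scanner 0, i.e. matching attachments are delivered
# without an external scan. Covers image, document, audio/video, text and
# source-code extensions, optionally followed by .gz/.z/.bz* suffixes.
# NOTE(review): "reg" is also in file_list_1 and "pdf" (via p(df|cx)) is also
# in file_list_3. If rules are tried in numeric order with the first match
# winning (confirm), .reg is quarantined by rule 1, while .pdf is accepted
# here unscanned and the pdf entry in file_list_3 never applies.
# NOTE(review): "\d+" accepts any all-digit extension without scanning.
file_list_2 = (?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx)|bmp
file_list_2 += |mp[32]|wav|au|ram?
file_list_2 += |avi|mov|mpe?g
file_list_2 += |t(xt|ex)|csv|l(og|yx)|sql|jtmpl
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|pa(tch|s)|java|php\d?
file_list_2 += |[ja]sp
file_list_2 += |patch|diff
file_list_2 += |can|pos|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*$
file_list_2_policy = accept
file_list_2_scanner = 0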
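# Scan potentially dangerous filetypes and quarantine if infected.
# The scanner value has four ":"-separated fields: three exit-status fields
# followed by the command line. Each exit status selects the policy in the
# same position, and the fourth policy is the fallback for any other status
# (as I read the Anomy format -- confirm). With the values below:
#   exit 0 -> accept, exit 2 -> accept, exit 3 -> save, anything else -> save
# NOTE(review): exit status 2 maps to "accept". Confirm that
# /opt/anomy/bin/check_for_virus returns 2 only for a clean or successfully
# disinfected file.
# NOTE(review): %FILENAME is substituted into a command line. Confirm it is
# the sanitizer's own temp-file path (see file_name_tpl) rather than the
# sender-supplied attachment name.
# NOTE(review): "pdf" is also matched by file_list_2 (accept, no scanner), so
# the pdf entry here may never be reached.
file_list_3 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|html|pdf
file_list_3 += |sxw|sxc
file_list_3 += |class|swf|upd|wp\d?|m?db
file_list_3 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
file_list_3 += )(\.g?z|\.bz\d?)*$
file_list_3_policy = accept:accept:save:save
file_list_3_scanner = 0:2:3:/opt/anomy/bin/check_for_virus %FILENAME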
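# Scan everything else and mangle the file name (to prevent Outlook from
# auto-executing something).
# Catch-all rule: (.*) matches every attachment name, so this is the default
# for anything the earlier rules did not claim. With the values below, scanner
# exit 0 or 2 -> defang (deliver with a mangled name), exit 3 or any other
# status -> save (quarantine); field meaning as I read the Anomy format --
# confirm.
# NOTE(review): as with file_list_3, confirm that exit status 2 from
# check_for_virus means "clean", and that %FILENAME is the sanitizer's
# temp-file path rather than the sender-supplied name.
file_list_4 = (?i)(.*)
file_list_4_policy = defang:defang:save:save
file_list_4_scanner = 0:2:3:/opt/anomy/bin/check_for_virus %FILENAME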