# Example configuration file for Anomy Sanitizer 
#
# Thiemo Kellner, thiemo@thiam.ch, 2003-05-29
# Based on http://advosys.ca/papers/postfix-filtering.html,
# Advosys Consulting Inc., Ottawa
#
# Works with Anomy Sanitizer revision 1.60


 # Feature switches for the sanitizer.  Unless stated otherwise,
 # 1 turns a feature on and 0 turns it off.

 # Warn user about unscanned parts, etc.
 feat_verbose = 1
 
 # Inline logs: 0 = Off, 1 = Maybe, 2 = Force
 feat_log_inline = 1
 
 # Print log to standard error: 0 = Off, 1 = On
 # NOTE(review): make sure whatever invokes the filter captures stderr
 # somewhere an administrator will actually read it.
 feat_log_stderr = 1
 
 # Don't use XML format for logs.
 feat_log_xml = 0
 
 # Omit trace info from logs.
 feat_log_trace = 0
 
 # Don't add any scratch space to part headers.
 feat_log_after = 0
 
 # Enable filename-based policy decisions.
 # The file_list_* rules further down presumably depend on this being on.
 feat_files = 1
 
 # Force all parts (except text/plain and
 # text/html parts) to have file names: 0 = Off, 1 = On
 feat_force_name = 1
 
 # Replace all boundary strings with our own
 # NOTE:  Always breaks PGP/MIME messages!
 feat_boundaries = 0
 
 # Protect against buffer overflows and null values.
 feat_lengths = 1
 
 # Defang incoming shell scripts.
 feat_scripts = 1
 
 # Defang active HTML content.
 feat_html = 1
 
 # Web-bugs are allowed (0 = they are left in place).
 # NOTE(review): remotely loaded images in HTML mail can tell the sender
 # that a message was opened.  Presumably 1 defangs them; confirm against
 # the Anomy Sanitizer documentation if read tracking matters to you.
 feat_webbugs = 0
 
 # Whether to skip scanning of PGP signed message parts.
 # NOTE(review): the original author was unsure which value means what.
 # Presumably 1 = trust (do not scan) signed parts and 0 = scan them like
 # any other part; confirm against the Anomy Sanitizer documentation before
 # relying on it.  msg_pgp_warning is presumably the text placed ahead of
 # content that was left unsanitized.
 feat_trust_pgp = 0
 msg_pgp_warning = WARNING: Unsanitized content follows.\n
 
 # Sanitize inline uuencoded files.
 feat_uuencoded = 1
 
 # Sanitize forwarded messages
 feat_forwards = 1
 
 # Set to 0 when going into production (a production setup is not a
 # test-case configuration).
 # NOTE(review): this example ships with the value 1; change it before
 # deploying.
 feat_testing = 1
 
 # Fix invalid MIME, if possible.
 feat_fixmime = 1
 
 # Don't be excessively paranoid about MIME headers etc.
 feat_paranoid = 0 
 
 # Advertisement to insert in each mail header:
 # header_url and header_rev are switched off here; presumably they would
 # add the project URL and the sanitizer revision to that header.  Leaving
 # the revision out avoids advertising the exact filter version to senders.
 header_info = X-Sanitizer: Anomy Sanitizer mail filter
 header_url = 0
 header_rev = 0

 
 #
 # Scoring
 #
 
 # Any message requiring this many modifications
 # will cause the sanitizer to return a non-zero
 # exit code after processing the entire message.
 # To disable set to 0.
 # NOTE(review): what happens to such a message depends on how the calling
 # mail system treats a non-zero exit code; verify that it is not silently
 # delivered unfiltered or lost.
 score_bad = 100
 #score_panic = 0
 
 # Text shown to the recipient in place of a dropped attachment.
 # "+=" appends to the value built so far; the trailing space on each
 # fragment presumably separates the joined pieces, so keep it when editing.
 # %FILENAME is presumably replaced with the name of the removed attachment.
 msg_file_drop  = \n*****\n
 msg_file_drop += NOTE: An attachment named %FILENAME was deleted from 
 msg_file_drop += this message because it contained a (windows) executable 
 msg_file_drop += or other potentially dangerous file type. 
 msg_file_drop += If you really need this attachment, have it re-sent 
 msg_file_drop += encapsulated, e.g. in a zip or tgz archive or contact your 
 msg_file_drop += mail system administrator.

 #
 # You may need to increase the following if you have a very
 # complex configuration split between multiple files.
 #
 # Thiemo Kellner, thiemo@thiam.ch, 2003-05-31
 # max_conf_recursions does not work with 1.60
 #max_conf_recursions = 5    # The default is 5.
 #
 # Create temporary or saved files using this template.
 # With a template directory of /var/quarantine, an attachment named
 # "dude.txt" might be saved as
 #
 #  /var/quarantine/att-dude-txt.A9Y
 #
 # Note:  The directory must exist and be writable by
 # the user running the sanitizer.
 # (supposedly: $F -> file name, $$$ -> three arbitrary characters)
 #
 # NOTE(review): files saved here are attachments the policy considered
 # suspicious.  Keep the directory owned by the sanitizer user, not
 # readable or writable by other local users, and never served or
 # auto-opened by another tool.
 file_name_tpl = /var/spool/sanitizer/att-$F.$$$
 
 # We have three policies, in addition to the default which is
 # to defang file names.
 #
 # file_list_rules is the number of file_list_N rules in use; the
 # commented-out samples 4 and 5 at the end of this file would also need
 # this count raised.  Presumably the lists are tried in numeric order and
 # the first match decides -- verify against the Anomy documentation.
 file_list_rules = 3
 file_default_policy = defang
 file_default_filename = unnamed.file
   
 # Delete obviously executable attachments.  This list is
 # incomplete!  This is a perl regular expression, see "man
 # perlre" for info.  The (?i) prefix makes the regexp case
 # insensitive.
 #
 # The trailing "$" applies only to the extension alternative.  The
 # "winmail.dat" alternative is unanchored and its "." matches any
 # character, so it matches that text anywhere in a name; for a drop rule
 # this errs on the strict side.
 # NOTE(review): newer script and installer extensions are not covered
 # here; they fall through to file_default_policy (defang) unless a later
 # list accepts them.
 #
 file_list_1 = (?i)(winmail.dat)|
 file_list_1 += (\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct
 file_list_1 += |inf|asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
 file_list_1_policy = drop
 file_list_1_scanner = 0
 
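 # Scan WinWord and Excel attachments with built-in macro scanner.
 # We consider anything exceeding the score of 25 to be dangerous,
 # and save it in the quarantine.
 #
 # The scanner line holds three groups of exit codes followed by the
 # scanner command; the policy line holds one policy per group plus a
 # fourth that applies to any other result.  As written:
 #   exit 0 -> accept, exit 1 -> accept, exit 2 -> save, other -> save
 # NOTE(review): confirm that exit status 1 from builtin/macro is meant to
 # be accepted rather than saved.
 #
 # A stray "# Do not log to STDERR:" fragment that had been pasted directly
 # after the threshold was removed, so the scanner command ends at "25".
 #
 file_list_2 = (?i)\.(doc|dot|xls|xlw)$
 file_list_2_policy = accept:accept:save:save
 file_list_2_scanner = 0:1:2:builtin/macro 25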
 
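 # Allow file types considered "safe" (DO NOT JUST TRUST THIS LIST!)
 #
 # The expression ends in "$" so that only the final extension of a name
 # can match.  Without the anchor any name merely containing ".txt",
 # ".c", ".s" and so on would be accepted, whatever its real extension,
 # instead of falling through to file_default_policy (defang).
 #
 # doc|dot|xls|xlw also appear in file_list_2; presumably that earlier
 # rule decides for them and the entries here are never reached.
 # NOTE(review): everything matched here is accepted without any scanner
 # (file_list_3_scanner = 0), including archives, html, pdf and swf, which
 # can carry active or executable content.  Trim the list to what your
 # users actually need.
 file_list_3 = (?i)\.(
 #  Plain ASCII formats:
 file_list_3 += txt|rtf|csv|dxf|htm|[sp]?html?|xml|xslt?|dtd|css|sgml
 #  PostScript (like) formats:
 file_list_3 += |pdf|e?ps
 #  Word processor and document formats:
 file_list_3 += |doc|dot|kwd|stw
 #  Spreadsheets:
 file_list_3 += |xls|xlw|xlt|wk[1-4]|stc|ksp|gnumeric
 #  Presentation applications:
 file_list_3 += |ppt|pps|pot|kpr|chrt
 #  Type setting formats:
 file_list_3 += |dvi|texi?|tfm|txi|texinfo
 #  Flow charting:
 file_list_3 += |flw
 #  Bitmap graphic files (maybe some are actually vector graphic formats):
 file_list_3 += |jpe?g|gif|png|tiff?|bmp|psd|pcx|xcf|pat|pix|pnm|sgi|snp|ras|tga
 file_list_3 += |xwd|xpm|dib|rle|cal|cas|pat|bmf|cel|cex|cgm|ico|img|jfi|jif|raw
 file_list_3 += |crw|sun
 #  Vector graphics and diagramming:
 file_list_3 += |vsd|drw|cdr|swf|pct|pict|kpm|kon
 #  Multimedia:
 file_list_3 += |mp[23]|avi|mpe?g|mov|ram?|midi?|ogg|aiff?|au|snd|wav
 #  Archives:
 file_list_3 += |zip|g?z|rar|tgz|t?bz2|tar|sit|sea|arc
 #  Package formats:
 file_list_3 += |rpm|deb
 #  Others:
 file_list_3 += |kfo
 #  Source code:
 file_list_3 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas|ebuild)$
 file_list_3_policy = accept
 file_list_3_scanner = 0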
 
 # Any file type not listed above gets renamed to prevent
 # the mail client from auto-executing it.
 
 #
 # More sample file lists
 #
 # Scan mp3 files for Evil Viruses, using the imaginary mp3virscan
 # utility.  Always define FOUR potential policies, which depend on the
 # exit code returned by the scanner.  Which code means what is 
 # defined in the scanner line, which must contain THREE entries.
 # The fourth policy is used for "anything else".
 #
 #   "accept" if the file is clean (exit status 0 or 1)
 #   "mangle" if the file was dirty, but is now clean (2 or 4)
 #   "drop"   if the file is still dirty (66)
 #   "save"   if the mp3virscan utility returns some other exit code
 #            or an error occurs.
 #
 #file_list_4 = (?i)\.(mp3|mp2|mpg)$
 #file_list_4_policy = accept:mangle:drop:save
 #file_list_4_scanner = 0,1:2,4:66:/path/to/mp3virscan -opt -f %FILENAME
 
 # Archives and scriptable stuff - virus scan these.
 # NOTE:  There must be THREE groups of exit codes and FOUR policies,
 #      - the first three match the code groups, the fourth is default.
 #
 #file_list_5_scanner = 0:5:3,4:/usr/local/bin/avp.sh %FILENAME
 #file_list_5_policy  = accept:accept:save:save
 #file_list_5         = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?
 #file_list_5        += |class|upd|wp\d?|m?db
 #file_list_5        += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
 #file_list_5        += )(\.g?z|\.bz\d?)*$