[Esd-l] Need to bypass Sanitizer

Paul Thomas paul at cuenet.com
Mon Apr 22 02:00:01 PDT 2002


Well, for my particular situation, I have made a new 'poisoned'
file by deleting all globbing of filetypes and leaving only
virii by name.

I did this hoping to quarantine known viruses but allow suspicious
extensions to get MANGLEd by the MANGLED list and then forwarded to
the recipient.

It doesn't seem to have worked; just now, 'class.pif' was
quarantined.

Here is my setup in /etc/procmailrc:

    :0
    * ^(To:|Cc:|Received:).*@(domain1.com|domain2.com)
    {
      POISONED_EXECUTABLES=/etc/procmail/poisoned.new
      MANGLE_EXTENSIONS='html?|bat|exe|com|cmd|pif|sc[rt]|lnk|dll|ocx|dot|xl[wt]|p[po]t|rtf|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[abew]|ms[ip]|reg|as[dfx]|cil|pps|wm[szd]|vcf|nws|\{[-0-9a-f]+\}'
    }

The extension '*.pif' has been removed from:
POISONED_EXECUTABLES=/etc/procmail/poisoned.new

Any ideas why 'class.pif' was quarantined?

Thanks,

--Paul

--
Edward P. Tryon: "In answer to the question of why it happened, 
I offer the modest proposal that our Universe is simply one of 
those things which happen from time to time."
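
One way to see which entry of a poisoned list still catches a given attachment name, as an added example (not part of the original post and not the Sanitizer's own code). It assumes list entries are matched as case-insensitive shell-style globs against the whole filename and that the poisoned check runs before mangling; the list contents below are constructed.

```python
import fnmatch
import re

# MANGLE_EXTENSIONS value from the post, with the e-mail line wraps joined.
MANGLE_EXTENSIONS = (
    r"html?|bat|exe|com|cmd|pif|sc[rt]|lnk|dll|ocx|dot|xl[wt]|p[po]t|rtf|"
    r"vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[abew]|"
    r"ms[ip]|reg|as[dfx]|cil|pps|wm[szd]|vcf|nws|\{[-0-9a-f]+\}"
)

# Constructed stand-in for /etc/procmail/poisoned.new (not the poster's file).
# Line 3 is a glob that survives a cleanup which only deleted '*.pif'.
SAMPLE_POISONED = """\
happy-holidays.exe
invoice_2002.doc.pif
*.PIF
readme.txt.scr
"""


def load_patterns(text):
    """Return (line_number, entry) pairs, skipping blank lines."""
    return [(n, line.strip())
            for n, line in enumerate(text.splitlines(), 1)
            if line.strip()]


def poisoned_hits(filename, patterns):
    """List every entry whose glob matches the filename (assumed case-insensitive)."""
    name = filename.lower()
    return [(n, p) for n, p in patterns if fnmatch.fnmatchcase(name, p.lower())]


def classify(filename, patterns):
    """Return ('quarantine', hits), ('mangle', []) or ('pass', [])."""
    hits = poisoned_hits(filename, patterns)
    if hits:
        return ("quarantine", hits)  # assumed order: poisoned list wins
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    if re.fullmatch(MANGLE_EXTENSIONS, ext, re.IGNORECASE):
        return ("mangle", [])
    return ("pass", [])


if __name__ == "__main__":
    patterns = load_patterns(SAMPLE_POISONED)
    for name in ("class.pif", "notes.txt", "Invoice_2002.DOC.PIF"):
        print(name, classify(name, patterns))
```

Running it against the real list file (read with `open(...).read()`) reports the line number of each entry that matches the quarantined name.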
