--- sanitizer-1.76.orig/Makefile
+++ sanitizer-1.76/Makefile
@@ -0,0 +1,10 @@
+# created for Debian
+
+DESTDIR=
+
+install:
+ install bin/sanitizer.pl $(DESTDIR)/usr/bin/sanitizer
+ install bin/simplify.pl $(DESTDIR)/usr/bin/simplify
+ cp -a contrib/* $(DESTDIR)/usr/share/sanitizer/contrib
+ cp -a testcases/* $(DESTDIR)/usr/share/sanitizer/testcases
+ cp -a bin/Anomy $(DESTDIR)/usr/share/perl5
--- sanitizer-1.76.orig/bin/Anomy/HTMLCleaner.pm
+++ sanitizer-1.76/bin/Anomy/HTMLCleaner.pm
@@ -818,6 +818,10 @@
#
# Either way, we have to keep track of them ...
+ # DEBIAN: Modified for Debian
+ # DEBIAN: Don't attempt to clean X-Face headers
+ return $leftovers if ($$data_ptr=~/^X-Face.*/i);
+
# Special handling of blocks.
if (length($$data_ptr) < $self->{"conf"}->{"MaxLeftoverSize"})
{
--- sanitizer-1.76.orig/bin/Anomy/MIMEStream.pm
+++ sanitizer-1.76/bin/Anomy/MIMEStream.pm
@@ -343,7 +343,7 @@
# poorly written viruses.
$headers->{$header} .= " ".$line;
}
- elsif ($line =~ /^([^\s]+):\s(.*)$/)
+ elsif ($line =~ /^([^\s]+):\s*(.*)$/)
{
$header = lc($1);
$headers->{$header} .= $2.$LF;
--- sanitizer-1.76.orig/bin/Anomy/Sanitizer.pm
+++ sanitizer-1.76/bin/Anomy/Sanitizer.pm
@@ -2023,6 +2023,9 @@
}
# Remove any active HTML from header.
+ # DEBIAN: Do we really need this, since HTML is hardly parsed in the headers.
+ # DEBIAN: Until further notice, I have added an exception in MIMEStream::clean(),
+ # DEBIAN: if people keep complaining, remove this entire section.
if ($conf->{"feat_html"})
{
my %html_cfg = ( );
--- sanitizer-1.76.orig/bin/sanitizer.pl
+++ sanitizer-1.76/bin/sanitizer.pl
@@ -40,7 +40,7 @@
# + More flexible logging, e.g. by email, files or syslog.
# + Allow rejection of messages, resulting in replies etc.
#
-BEGIN { push @INC, $ENV{"ANOMY"} . "/bin" };
+BEGIN { push @INC, $ENV{"ANOMY"} . "/bin"; };
use strict;
use Anomy::Sanitizer;
--- sanitizer-1.76.orig/debian/README.Debian
+++ sanitizer-1.76/debian/README.Debian
@@ -0,0 +1,19 @@
+sanitizer for Debian
+-------------
+
+There are two ways to use sanitizer:
+
+ - Users can scan their incoming mail using procmail. To activate
+ this feature, they just need to include the following rule in their
+ ~/.procmailrc:
+
+ :0fw
+ | sanitizer
+
+ - In a production environment (like a mail gateway), you should consider
+ a faster and more global solution - to pipe all incoming mail through
+ sanitizer by MTA (Mail Transport Agent). Configuration depends on the
+ MTA you use, you should check /usr/share/doc/sanitizer/sanitizer.html
+ and /usr/share/doc/sanitizer/contrib/ for more info.
+
+ -- Adam Byrtek Wed, 27 Feb 2002 11:43:56 +0100
--- sanitizer-1.76.orig/debian/changelog
+++ sanitizer-1.76/debian/changelog
@@ -0,0 +1,216 @@
+sanitizer (1.76-5) unstable; urgency=medium
+
+ * QA upload.
+ * Bump debhelper compat to 9.
+ * Rewrite rules file to use dh7-style.
+ * Add ${perl:Depends} and ${misc:Depends} to Depends.
+
+ -- Niels Thykier Mon, 27 Jul 2015 22:22:04 +0200
+
+sanitizer (1.76-4) unstable; urgency=medium
+
+ * Orphaning package.
+ * Changed Maintainer address to QA.
+ * Bump debian/compat to 5
+
+ -- Alberto Gonzalez Iniesta Wed, 15 Jul 2015 10:58:23 +0000
+
+sanitizer (1.76-3) unstable; urgency=low
+
+ * Fix bashism in /usr/share/sanitizer/testcases/testall.sh
+ (Closes: #489657). Thanks Jan Hauke Rahm for the patch.
+ * debian/copyright: Did some clean up.
+ * debian/doc-base: Updated section
+ * Bumped Standards-Version to 3.8.0
+
+ -- Alberto Gonzalez Iniesta Fri, 03 Oct 2008 17:23:19 +0200
+
+sanitizer (1.76-2) unstable; urgency=low
+
+ * Included example file to use sanitizer with maildrop
+ Thanks Josip Roding (Closes: #385765)
+ * Fix header parsing so it admits no spaces between the colon
+ following the header name and the actual value. Stupid outlook.
+ (Closes: #409993) Added maildrop to recommends.
+ * Bumped Standards-Version to 3.7.2.2, no change.
+ * Moved debhelper from Build-Depends-Indep to Build-Depends
+
+ -- Alberto Gonzalez Iniesta Wed, 7 Feb 2007 20:08:23 +0100
+
+sanitizer (1.76-1) unstable; urgency=low
+
+ * New upstream version.
+ * Using weird quotation, as reported in the bug, no longer fools
+ sanitizer. Tested with the script provided in the bug report.
+ (Closes: #149799)
+ * debian/control:
+ - Cleaned Depends
+ - Bumped Standards-Version to 3.6.2.0, no change.
+ - Moved to debhelper compatibility 4. Created debian/compat and
+ increased debhelper version in Build-Dep
+
+ -- Alberto Gonzalez Iniesta Sat, 7 Jan 2006 12:49:02 +0100
+
+sanitizer (1.74-1) unstable; urgency=low
+
+ * New upstream release. Thanks Luis Miguel for noticing.
+
+ -- Alberto Gonzalez Iniesta Sun, 28 Aug 2005 14:57:33 +0200
+
+sanitizer (1.70-1) unstable; urgency=low
+
+ * New upstream release.
+ Allows reporting the virus name. (Closes: #235352)
+
+ -- Alberto Gonzalez Iniesta Tue, 8 Mar 2005 09:01:34 +0100
+
+sanitizer (1.69-1) unstable; urgency=low
+
+ * New upstream release.
+ * Changed maintainer email address.
+
+ -- Alberto Gonzalez Iniesta Tue, 30 Nov 2004 20:20:41 +0100
+
+sanitizer (1.68-3) unstable; urgency=low
+
+ * Corrected sanitizer.pl to sanitizer in a couple of testcases.
+ Thanks Pedro Zorzenon Neto for noticing & patch. (Closes: #260501)
+
+ -- Alberto Gonzalez Iniesta Mon, 26 Jul 2004 14:14:19 +0200
+
+sanitizer (1.68-2) unstable; urgency=low
+
+ * Added LC_ALL=C to testall.sh. (Closes: #256215)
+ Thanks Pedro Zorzenon Neto.
+
+ -- Alberto Gonzalez Iniesta Mon, 28 Jun 2004 09:42:51 +0200
+
+sanitizer (1.68-1) unstable; urgency=low
+
+ * New upstream release
+ * Corrected Section in debian/doc-base (Closes: #247707)
+
+ -- Alberto Gonzalez Iniesta Sun, 9 May 2004 11:16:15 +0200
+
+sanitizer (1.67-1) unstable; urgency=low
+
+ * New upstream release
+ * Bumped Standards-Version to 3.6.1.0, no change.
+
+ -- Alberto Gonzalez Iniesta Mon, 29 Mar 2004 21:08:50 +0200
+
+sanitizer (1.66-1) unstable; urgency=low
+
+ * New upstream release. (Really drops attachments when it has to)
+ (Closes: #227407)
+
+ -- Alberto Gonzalez Iniesta Thu, 15 Jan 2004 10:49:05 +0100
+
+sanitizer (1.63-3) unstable; urgency=low
+
+ * Really move Perl modules to /usr/share/perl5/Anomy instead of
+ /usr/share/perl5
+
+ -- Alberto Gonzalez Iniesta Fri, 5 Dec 2003 18:15:45 +0100
+
+sanitizer (1.63-2) unstable; urgency=low
+
+ * Moved Perl modules to /usr/share/perl5/Anomy (as per policy) from
+ /usr/share/sanitizer
+
+ -- Alberto Gonzalez Iniesta Tue, 2 Dec 2003 16:23:48 +0100
+
+sanitizer (1.63-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta Sun, 7 Sep 2003 18:53:30 +0200
+
+sanitizer (1.59-1) unstable; urgency=low
+
+ * New upstream release
+ * New maintainer (Closes: #191426)
+ * Added simplify man page
+
+ -- Alberto Gonzalez Iniesta Wed, 14 May 2003 18:51:34 +0200
+
+sanitizer (1.57-4) unstable; urgency=low
+
+ * Fix bug that causes defanging and thus breakage of X-Face
+ headers (Closes: Bug#178647).
+
+ -- Søren Boll Overgaard Sun, 9 Mar 2003 22:25:29 +0000
+
+sanitizer (1.57-3) unstable; urgency=low
+
+ * New maintainer (Closes: Bug#183535)
+ * Fix versioning in X-Sanitizer-Rev-header (Closes: Bug#178643)
+ * Clean up debian/copyright and debian/control
+
+ -- Søren Boll Overgaard Sun, 9 Mar 2003 17:23:28 +0000
+
+sanitizer (1.57-2) unstable; urgency=low
+
+ * chmod a+x od test scripts to keep lintian happy
+
+ -- Adam Byrtek Wed, 20 Nov 2002 20:49:49 +0100
+
+sanitizer (1.57-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Adam Byrtek Mon, 18 Nov 2002 00:53:28 +0100
+
+sanitizer (1.55-2) unstable; urgency=low
+
+ * debian/watch file added
+
+ -- Adam Byrtek Sun, 10 Nov 2002 20:09:09 +0100
+
+sanitizer (1.55-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Adam Byrtek Sun, 13 Oct 2002 18:22:33 +0200
+
+sanitizer (1.54-2) unstable; urgency=low
+
+ * Architecture changed to 'all', not 'any'. Closes: #163201
+
+ -- Adam Byrtek Thu, 3 Oct 2002 21:18:59 +0200
+
+sanitizer (1.54-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Adam Byrtek Wed, 2 Oct 2002 00:27:58 +0200
+
+sanitizer (1.49-4) unstable; urgency=low
+
+ * Added dependency on perl5 (alternative to perl) to make potato
+ users happy
+
+ -- Adam Byrtek Wed, 8 May 2002 12:48:29 +0200
+
+sanitizer (1.49-3) unstable; urgency=low
+
+ * Small typo in documentation and example cfg file
+ Closes: #143299
+
+ -- Adam Byrtek Fri, 19 Apr 2002 15:54:11 +0200
+
+sanitizer (1.49-2) unstable; urgency=low
+
+ * Added dependency on libdigest-md5-perl
+
+ -- Adam Byrtek Thu, 4 Apr 2002 12:34:08 +0200
+
+sanitizer (1.49-1) unstable; urgency=low
+
+ * Initial Release.
+ * Closes: #130638 (RFP) and Closes: #135487 (ITP).
+ * Created Makefile, manpage, README.Debian. Ripped examples from
+ HTML manual, some other minor tweaks.
+
+ -- Adam Byrtek Wed, 27 Feb 2002 14:53:21 +0100
+
--- sanitizer-1.76.orig/debian/compat
+++ sanitizer-1.76/debian/compat
@@ -0,0 +1 @@
+9
--- sanitizer-1.76.orig/debian/control
+++ sanitizer-1.76/debian/control
@@ -0,0 +1,29 @@
+Source: sanitizer
+Section: mail
+Priority: optional
+Maintainer: Debian QA Group
+Build-Depends: debhelper (>= 9)
+Standards-Version: 3.8.0
+
+Package: sanitizer
+Architecture: all
+Depends: perl, ${perl:Depends}, ${misc:Depends}
+Recommends: procmail, maildrop
+Description: The Anomy Mail Sanitizer - an email virus scanner
+ The Anomy sanitizer is what most people would call "an email virus scanner".
+ That description is not totally accurate, but it does cover one of the more
+ important jobs that the sanitizer can do for you - it can scan email
+ attachments for viruses. Other things it can do:
+ .
+ Disable potentially dangerous HTML code, such as javascript, within
+ incoming email.
+ .
+ Protect you from email-based break-in attempts which exploit bugs in
+ common email programs (Outlook, Eudora, Pine, ...).
+ .
+ Block or "mangle" attachments based on their file names. This way if you
+ don't *need* to receive e.g. visual basic scripts, then you don't have to
+ worry about the security risk they imply (the ILOVEYOU virus was a
+ visual basic program). This lets you protect yourself and your users
+ from whole classes of attacks, without relying on complex, resource
+ intensive and outdated virus scanning solutions.
--- sanitizer-1.76.orig/debian/copyright
+++ sanitizer-1.76/debian/copyright
@@ -0,0 +1,28 @@
+This package was debianized by Adam Byrtek on
+Sun, 24 Feb 2002 15:09:06 +0100.
+
+It was downloaded from http://mailtools.anomy.net/dist/
+
+Upstream Author: Bjarni R. Einarsson
+
+Copyright (c) 2000-2005 Bjarni R. Einarsson.
+
+Copyright:
+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991.
+
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301, USA.
+
+On Debian GNU/Linux systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
+
--- sanitizer-1.76.orig/debian/dirs
+++ sanitizer-1.76/debian/dirs
@@ -0,0 +1,6 @@
+usr/bin
+usr/share/sanitizer
+usr/share/sanitizer/contrib
+usr/share/perl5/Anomy
+usr/share/sanitizer/testcases
+usr/share/doc/sanitizer
--- sanitizer-1.76.orig/debian/doc-base
+++ sanitizer-1.76/debian/doc-base
@@ -0,0 +1,9 @@
+Document: sanitizer
+Title: The Anomy Sanitizer Manual
+Author: Bjarni R. Einarsson
+Abstract: Configuration and usage manual.
+Section: System/Security
+
+Format: HTML
+Index: /usr/share/doc/sanitizer/sanitizer.html
+Files: /usr/share/doc/sanitizer/sanitizer.html
--- sanitizer-1.76.orig/debian/docs
+++ sanitizer-1.76/debian/docs
@@ -0,0 +1,3 @@
+README.sanitizer
+CREDITS
+sanitizer.html
--- sanitizer-1.76.orig/debian/examples
+++ sanitizer-1.76/debian/examples
@@ -0,0 +1,2 @@
+examples/*
+debian/sanitizer.maildrop
--- sanitizer-1.76.orig/debian/manpages
+++ sanitizer-1.76/debian/manpages
@@ -0,0 +1,2 @@
+debian/sanitizer.1
+debian/simplify.1
--- sanitizer-1.76.orig/debian/rules
+++ sanitizer-1.76/debian/rules
@@ -0,0 +1,17 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
+
+override_dh_auto_build: # Do nothing for builds
+
+override_dh_auto_install:
+ $(MAKE) install DESTDIR=$(CURDIR)/debian/sanitizer
+
+ chmod a+x debian/sanitizer/usr/share/sanitizer/testcases/*.t
+ chmod a+x debian/sanitizer/usr/share/sanitizer/contrib/check_for_virus
+ chmod a+x debian/sanitizer/usr/share/sanitizer/contrib/tnef2multipart.pl
+ chmod a+x debian/sanitizer/usr/share/sanitizer/contrib/zip_policy.pl
+
+override_dh_installchangelogs:
+ dh_installchangelogs CHANGELOG.sanitizer
--- sanitizer-1.76.orig/debian/sanitizer.1
+++ sanitizer-1.76/debian/sanitizer.1
@@ -0,0 +1,41 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH SANITIZER 1 "February 27, 2002"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+sanitizer \- an email virus scanner
+.SH SYNOPSIS
+\fBsanitizer\fP \fI[conffile ...] [confoption ...]\fP
+.SH DESCRIPTION
+This manual page documents briefly the \fBsanitizer\fP command.
+This manual page was written for the Debian GNU/Linux distribution
+because the original program does not have a manual page.
+
+The Anomy Sanitizer is what most people would call "an email virus
+scanner". That description is not totally accurate, but it does cover
+one of the more important jobs that the sanitizer can do for you - it
+can scan email attachments for viruses.
+
+Sanitizer acts as pipe. It expects an email message to scan on
+standard input, and returns filtered message on standard output. You
+could give a path to configuration file or just set some configuration
+variables in command line.
+.SH SEE ALSO
+.BR procmail (1).
+More info on configuration: \fB/usr/share/doc/sanitizer/sanitizer.html\fP
+.SH AUTHOR
+This manual page was written by Adam Byrtek ,
+for the Debian GNU/Linux system (but may be used by others).
--- sanitizer-1.76.orig/debian/sanitizer.maildrop
+++ sanitizer-1.76/debian/sanitizer.maildrop
@@ -0,0 +1,23 @@
+# This file is just an example
+# Modify it to your needs
+# We take no responsibility if it eats your mail
+# Author: Josip Rodin
+
+ANOMY=/home/bre/anomy
+SANCFG=
+TMPDIR=/tmp/sanitizer.$LOGNAME
+DATE=`date +%Y%m%d-%H%M`
+MKDIR=`mkdir -p $TMPDIR`
+SANLOG=$TMPDIR/eml-$DATE-$$.log
+
+cc $TMPDIR/eml-$DATE-$$.mbx
+
+xfilter "$ANOMY/bin/sanitizer.pl \
+ \"file_name_tpl = $TMPDIR/eml-$DATE-$$\"'-$$$-$F' \
+ $SANCFG \
+ 'feat_log_stderr = 1' \
+ 2>$SANLOG"
+
+`grep 'File was infected' $SANLOG`
+if ( $RETURNCODE == 0 )
+ xfilter 'reformail -I"X-Found-Virus: Yes"'
--- sanitizer-1.76.orig/debian/simplify.1
+++ sanitizer-1.76/debian/simplify.1
@@ -0,0 +1,68 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH SIMPLIFY 1 "May 14, 2003"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+simplify \- a script to simplify a MIME message
+.SH SYNOPSIS
+\fBsimplify\fP \fI[args ...] < message > othermessage\fP
+.SH DESCRIPTION
+This manual page documents briefly the \fBsimplify\fP command.
+\fBsimplify\fP is a Perl script to simplify a MIME message.
+.PP
+This script never loads the entire message into memory, but does dump
+it's entire contents to disk once.
+.SH OPTIONS
+.TP
+\fBmime=no\fR
+Don't use MIME, no HTML mail allowed.
+.TP
+\fBtesting=yes\fR
+Run in testing mode (suppress randonmess)
+.TP
+\fBsaveall=yes\fR
+Save all attachments to files.
+.TP
+\fBtemp=/path/to/working/dir/\fR
+Defaults to /tmp.
+.TP
+\fBurl=http://box/path/\fR
+URL-prefix for printing paths to attachments
+.TP
+\fBheader=text...\fR
+Text preceding the attachment URL list.
+.TP
+\fBtextsig=/path/to/file\fR
+Text signature to append to text parts.
+.TP
+\fBhtmlsig=/path/to/file\fR
+HTML signature to append to HTML parts.
+.PP
+If "saveall" is yes, then the script will save all attachments to disk so
+people can access their contents later. If an URL is specified then that
+automatically implies "saveall=yes". Without this, the default behavior is
+to only save text and html parts, and delete them and all working
+directories when the script is finished.
+
+
+.SH SEE ALSO
+.BR sanitizer (1).
+More info on configuration: \fB/usr/share/doc/sanitizer/sanitizer.html\fP
+.SH AUTHOR
+Bjarni R. Einarsson
+.PP
+This manual page was written by Alberto Gonzalez Iniesta
+for the Debian GNU/Linux system (but may be used by others).
--- sanitizer-1.76.orig/debian/undocumented
+++ sanitizer-1.76/debian/undocumented
@@ -0,0 +1 @@
+simplify.1
--- sanitizer-1.76.orig/debian/watch
+++ sanitizer-1.76/debian/watch
@@ -0,0 +1,3 @@
+version=2
+http://mailtools.anomy.net/dist/ anomy-sanitizer-([0-9\.]+).tar.gz \
+ debian uupdate
--- sanitizer-1.76.orig/examples/procmailrc
+++ sanitizer-1.76/examples/procmailrc
@@ -0,0 +1,4 @@
+# sample ~/.procmailrc to sanitize incoming mail
+
+:0fw
+| sanitizer
--- sanitizer-1.76.orig/examples/sanitizer.cfg1
+++ sanitizer-1.76/examples/sanitizer.cfg1
@@ -0,0 +1,80 @@
+#
+# These are the default values for all feature switches.
+#
+feat_verbose = 1 # Warn user about unscanned parts, etc.
+feat_log_inline = 1 # Inline logs: 0 = Off, 1 = Maybe, 2 = Force
+feat_log_stderr = 1 # Print log to standard error
+feat_log_xml = 0 # Don't use XML format for logs.
+feat_log_trace = 0 # Omit trace info from logs.
+feat_log_after = 0 # Don't add any scratch space to part headers.
+feat_files = 1 # Enable filename-based policy decisions.
+feat_force_name = 0 # Force all parts (except text/html parts) to
+ # have file names.
+feat_boundaries = 0 # Replace all boundary strings with our own
+ # NOTE: Always breaks PGP/MIME messages!
+feat_lengths = 1 # Protect against buffer overflows and null
+ # values.
+feat_scripts = 1 # Defang incoming shell scripts.
+feat_html = 1 # Defang active HTML content.
+feat_webbugs = 0 # Web-bugs are allowed.
+feat_trust_pgp = 0 # Don't scan PGP signed message parts.
+feat_uuencoded = 1 # Sanitize inline uuencoded files.
+feat_forwards = 1 # Sanitize forwarded messages
+feat_testing = 0 # This isn't a test-case configuration.
+feat_fixmime = 1 # Fix invalid MIME, if possible.
+feat_paranoid = 0 # Don't be excessively paranoid about MIME headers etc.
+#
+# Scoring
+#
+score_bad = 100 # Any message requring this many modifications
+ # will cause the sanitizer to return a non-zero
+ # exit code after processing the entire message.
+#
+# You may need to increase the following if you have a very
+# complex configuration split between multiple files.
+#
+max_conf_recursion = 5 # The default is 5.
+
+# We have three policies, in addition to the default which is
+# to defang file names.
+#
+file_list_rules = 3
+file_default_policy = defang
+file_default_filename = unnamed.file
+
+# Delete obviously executable attachments. This list is VERY
+# incomplete! This is a perl regular expression, see "man
+# perlre" for info. The (?i) prefix makes the regexp case
+# insensitive.
+#
+# There is only one policy, since we aren't using an external
+# scanner. The file list is split accross two lines, for fun.
+#
+file_list_1 = (?i)\.(exe|com
+file_list_1 += |cmd|bat)$
+file_list_1_policy = drop
+file_list_1_scanner = 0
+
+# Scan mp3 files for Evil Viruses, using the imaginary mp3virscan
+# utility. Always define FOUR potential policies, which depend on the
+# exit code returned by the scanner. Which code means what is
+# defined in the scanner line, which must contain THREE entries.
+# The fourth policy is used for "anything else".
+#
+# "accept" if the file is clean (exit status 0 or 1)
+# "mangle" if the file was dirty, but is now clean (2 or 4)
+# "drop" if the file is still dirty (66)
+# "save" if the mp3virscan utility returns some other exit code
+# or an error occurs.
+#
+file_list_2 = (?i)\.(mp3|mp2|mpg)$
+file_list_2_policy = accept:mangle:drop:save
+file_list_2_scanner = 0,1:2,4:66:/path/to/mp3virscan -opt -f %FILENAME
+
+# Scan WinWord and Excel attachments with built-in macro scanner.
+# We consider anything exceeding the score of 25 to be dangerous,
+# and save it in the quarantine.
+#
+file_list_3 = (?i)\.(doc|dot|xls|xlw)$
+file_list_3_policy = accept:accept:save:save
+file_list_3_scanner = 0:1:2:builtin 25
--- sanitizer-1.76.orig/examples/sanitizer.cfg2
+++ sanitizer-1.76/examples/sanitizer.cfg2
@@ -0,0 +1,54 @@
+#
+# Active features.
+#
+feat_boundaries = 0
+feat_files = 1
+feat_forwards = 1
+feat_html = 1
+feat_lengths = 1
+feat_log_inline = 1
+feat_log_stderr = 0
+feat_scripts = 1
+feat_trust_pgp = 0
+feat_uuencoded = 1
+feat_verbose = 1
+file_list_rules = 4
+
+# Files we absolutely don't want (mostly executables).
+#
+file_list_1_scanner = 0
+file_list_1_policy = save
+file_list_1 = (?i)(winmail\.dat
+file_list_1 += |\.(exe|vb[es]|c(om|hm)|bat|pif|s(ys|cr))
+file_list_1 += (\.g?z|\.bz\d?)*)$
+
+# Pure data, don't mangle this stuff (much).
+#
+file_list_2_scanner = 0
+file_list_2_policy = accept
+file_list_2 = (?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx)|bmp
+file_list_2 += |mp[32]|wav|au|ram?
+file_list_2 += |avi|mov|mpe?g
+file_list_2 += |t(xt|ex)|csv|l(og|yx)|sql|jtmpl
+file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|pa(tch|s)|java|php\d?
+file_list_2 += |[ja]sp
+file_list_2 += |can|pos|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*$
+
+file_list_3_scanner = 0
+file_list_3_policy = accept
+file_list_3 = ^[^\.]+$
+
+# Archives and scriptable stuff - virus scan these.
+# NOTE: There must be THREE groups of exit codes and FOUR policies,
+# - the first three match the code groups, the fourth is default.
+#
+file_list_4_scanner = 0:5:3,4:/usr/local/bin/avp.sh %FILENAME
+file_list_4_policy = accept:accept:save:save
+file_list_4 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?
+file_list_4 += |class|upd|wp\d?|m?db
+file_list_4 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
+file_list_4 += )(\.g?z|\.bz\d?)*$
+
+# Default policy: accept, but mangle file name.
+#
+file_default_policy = defang
--- sanitizer-1.76.orig/sanitizer.html
+++ sanitizer-1.76/sanitizer.html
@@ -497,7 +497,7 @@
# You may need to increase the following if you have a very
# complex configuration split between multiple files.
#
- max_conf_recursions = 5 # The default is 5.
+ max_conf_recursion = 5 # The default is 5.
#
# Create temporary or saved files using this template.
# An attachment named "dude.txt" might be saved as
--- sanitizer-1.76.orig/testcases/results.def/sanitizer.rev1_58.ok
+++ sanitizer-1.76/testcases/results.def/sanitizer.rev1_58.ok
@@ -74,7 +74,7 @@
QPDATA=3D$(cat sanitizer.rev1_58.t \
|perl -MMIME::QuotedPrint -Mbytes -npe '$_=3Dencode_qp($_);s/-/=3D2D/g')
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'file_list_rules =3D 1' \
'file_list_1_scanner =3D 0' \
'file_list_1_policy =3D drop' \
--- sanitizer-1.76.orig/testcases/sanitizer.appledouble.t
+++ sanitizer-1.76/testcases/sanitizer.appledouble.t
@@ -9,7 +9,7 @@
+ output line-length same as input.
tac
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
"header_rev = 0" \
"feat_log_trace = 0" \
"feat_verbose = 0" \
--- sanitizer-1.76.orig/testcases/sanitizer.bad_html.t
+++ sanitizer-1.76/testcases/sanitizer.bad_html.t
@@ -12,7 +12,7 @@
touch test.log test.out
for WB in 0 1; do
- $ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+ $ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'file_list_1 = (?i)evil$' 'file_list_1_policy = mangle' \
'header_rev = 0' \
"feat_testing = 1" \
--- sanitizer-1.76.orig/testcases/sanitizer.base64.t
+++ sanitizer-1.76/testcases/sanitizer.base64.t
@@ -30,7 +30,7 @@
for FLI in 0 1 2; do
echo "Setting feat_log_inline = $FLI" >>test.out
- $ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+ $ANOMY/bin/sanitizer -nofprot $SAN_CONF \
"header_rev = 0" \
"feat_testing = 1" \
"feat_log_trace = 1" \
--- sanitizer-1.76.orig/testcases/sanitizer.boundary.t
+++ sanitizer-1.76/testcases/sanitizer.boundary.t
@@ -14,7 +14,7 @@
- Test the Transfer-Encoding fixer-upper code.
tac
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'feat_testing = 1' \
'feat_log_inline = 1' \
'feat_log_stderr = 1' \
@@ -46,7 +46,7 @@
EOF
echo "*** Exit code was $? ***" >>test.out
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'feat_log_inline = 1' \
'file_list_2_policy = accept' \
'file_list_2 = (?i)\.txt$' \
@@ -75,7 +75,7 @@
EOF
echo "*** Exit code was $? ***" >>test.out
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'feat_log_inline = 1' \
'file_list_2_policy = accept' \
'file_list_2 = (?i)\.txt$' \
--- sanitizer-1.76.orig/testcases/sanitizer.defaults.t
+++ sanitizer-1.76/testcases/sanitizer.defaults.t
@@ -12,7 +12,7 @@
tac
rm -f ./.tmp.*
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'feat_testing = 1' 'file_name_tpl = /tmp/att-$$$-$F' 'header_rev = 0' \
<test.log >test.out
From xxx@example.com Thu Aug 3 07:32:10 2000
--- sanitizer-1.76.orig/testcases/sanitizer.exchange.t
+++ sanitizer-1.76/testcases/sanitizer.exchange.t
@@ -7,7 +7,7 @@
- null charset vulnerability protection (Exchange 5.5 DoS)
tac
-$ANOMY/bin/sanitizer.pl -nofprot \
+$ANOMY/bin/sanitizer -nofprot \
'header_rev = 0' \
'feat_testing = 1' \
'feat_log_inline = 1' \
--- sanitizer-1.76.orig/testcases/sanitizer.filenames.t
+++ sanitizer-1.76/testcases/sanitizer.filenames.t
@@ -16,7 +16,7 @@
rm -f ./.tmp.*
# 'file_characters = A-Za-z0-9 ÁÉÍÓÚÝáéíóúý' \
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'feat_force_name = 1' \
'file_list_rules = 11' \
"file_list_1_scanner = 0::1:$BINFALSE" \
--- sanitizer-1.76.orig/testcases/sanitizer.force_hdr.t
+++ sanitizer-1.76/testcases/sanitizer.force_hdr.t
@@ -7,7 +7,7 @@
tac
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'header_rev = 0' \
'feat_testing = 1' \
'feat_log_inline = 1' \
--- sanitizer-1.76.orig/testcases/sanitizer.forwarded.t
+++ sanitizer-1.76/testcases/sanitizer.forwarded.t
@@ -7,7 +7,7 @@
tac
# 'feat_log_trace = 1' \
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'header_rev = 0' \
'feat_testing = 1' \
'feat_forwards = 1' \
--- sanitizer-1.76.orig/testcases/sanitizer.fprotd.t
+++ sanitizer-1.76/testcases/sanitizer.fprotd.t
@@ -31,7 +31,7 @@
export CAR='-ANTIVIRUS-TEST-FILE!$H+H*'
for ARG in -nofprot -yesfprot; do
- $ANOMY/bin/sanitizer.pl $ARG $SAN_CONF \
+ $ANOMY/bin/sanitizer $ARG $SAN_CONF \
'header_rev = 0' \
'feat_testing = 1' \
'feat_log_stderr = 1' \
--- sanitizer-1.76.orig/testcases/sanitizer.logging.t
+++ sanitizer-1.76/testcases/sanitizer.logging.t
@@ -14,7 +14,7 @@
echo "######### feat_log_inline = $level, feat_log_after = $scratch ##########"
echo
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'feat_verbose = 1' \
"feat_log_inline = $level" \
"feat_log_after = $scratch" \
--- sanitizer-1.76.orig/testcases/sanitizer.mime_depth.t
+++ sanitizer-1.76/testcases/sanitizer.mime_depth.t
@@ -7,7 +7,7 @@
- Handling of attributes with null values at ends of header lines.
tac
-$ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
+$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
"feat_testing = 1" \
"max_mime_depth = 1" \
"header_rev = 0" \
--- sanitizer-1.76.orig/testcases/sanitizer.msg-crlf.t
+++ sanitizer-1.76/testcases/sanitizer.msg-crlf.t
@@ -18,7 +18,7 @@
rm -f ./.tmp.* test.log test.out
for a in 0 1 2 3; do
cat <>test.out
-$ANOMY/bin/simplify.pl "testing=yes" "temp=./.tmp" \
+$ANOMY/bin/simplify "testing=yes" "temp=./.tmp" \
"url=http://blah/" "header=HEADER2" <>test.log >>test.out
From xxx@example.com Thu Aug 3 07:32:10 2000
Return-Path:
@@ -75,7 +75,7 @@
EOF
echo "*** Exit code was $? ***" >>test.out
-$ANOMY/bin/simplify.pl "testing=yes" "temp=./.tmp" "url=http://blah/" "header=HEADER2" <>test.log >>test.out
+$ANOMY/bin/simplify "testing=yes" "temp=./.tmp" "url=http://blah/" "header=HEADER2" <>test.log >>test.out
From xxx@example.com Thu Aug 3 07:32:10 2000
Return-Path:
Received: from example.com (root@example.com [149.144.245.5])
--- sanitizer-1.76.orig/testcases/testall.sh
+++ sanitizer-1.76/testcases/testall.sh
@@ -1,10 +1,14 @@
#!/bin/sh
+# Debian
+LC_ALL=C
+export LC_ALL
+
# Set default variables.
#
FAILED=0
[ "$TEST_RESULTS" = "" ] && TEST_RESULTS=results.def
-ANOMY=..
+ANOMY=/usr
PERL5LIB=
export ANOMY PERL5LIB
@@ -114,7 +118,7 @@
mv -f $t "$TEST_RESULTS"/`echo $t |sed -e "s/^test/$test/"`
done
echo "failed (moved result files to $TEST_RESULTS)"
- let FAILED=$FAILED+1
+ FAILED=$(($FAILED+1))
fi
fi
[ -e "$TEST_RESULTS/$test.ok.rot13" ] && rm -f "$TEST_RESULTS/$test.ok"