Add anomy-sanitizer 1.63, sanitize and clean incoming/outgoing mail.
The Anomy sanitizer is what most people would call "an email virus scanner". The most important jobs that the sanitizer can do for you - it can scan email attachments for viruses. Other things it can do: - Disable potentially dangerous HTML code, such as javascript, within incoming email. - Protect you from email-based break-in attempts which exploit bugs in common email programs (Outlook, Eudora, Pine, ...). - Block or "mangle" attachments based on their file names. This way if you don't need to recieve e.g. visual basic scripts, then you don't have to worry about the security risk they imply (the ILOVEYOU virus was a visual basic program). This lets you protect yourself and your users from whole classes of attacks, instead of blocking individual exploits. Author: Bjarni R. Einarsson <bre@netverjar.is> WWW: http://mailtools.anomy.net/ PR: 59869 Submitted by: janos.mohacsi@bsd.hu
This commit is contained in:
parent
9101f932c3
commit
04de5e37c4
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=95630
@ -6,6 +6,7 @@
|
||||
SUBDIR += aileron
|
||||
SUBDIR += akpop3d
|
||||
SUBDIR += althea
|
||||
SUBDIR += anomy-sanitizer
|
||||
SUBDIR += anubis
|
||||
SUBDIR += archivemail
|
||||
SUBDIR += arrow
|
||||
|
49
mail/anomy-sanitizer/Makefile
Normal file
49
mail/anomy-sanitizer/Makefile
Normal file
@ -0,0 +1,49 @@
|
||||
# New ports collection makefile for: anomy-sanitizer
|
||||
# Date created: 2003-02-11
|
||||
# Whom: janos.mohacsi@bsd.hu
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= anomy-sanitizer
|
||||
PORTVERSION= 1.63
|
||||
CATEGORIES= mail security
|
||||
MASTER_SITES= http://mailtools.anomy.net/dist/
|
||||
|
||||
MAINTAINER= janos.mohacsi@bsd.hu
|
||||
COMMENT= Sanitize and clean incoming/outgoing mail
|
||||
|
||||
RUN_DEPENDS= ${SITE_PERL}/${PERL_ARCH}/Digest/MD5.pm:${PORTSDIR}/security/p5-Digest-MD5 \
|
||||
${SITE_PERL}/${PERL_ARCH}/MIME/Base64.pm:${PORTSDIR}/converters/p5-MIME-Base64 \
|
||||
procmail:${PORTSDIR}/mail/procmail
|
||||
|
||||
USE_PERL5= yes
|
||||
|
||||
NO_BUILD= yes
|
||||
WRKSRC= ${WRKDIR}/anomy
|
||||
|
||||
DOCS= CHANGELOG.sanitizer CREDITS README.sanitizer sanitizer.html
|
||||
|
||||
do-install:
|
||||
@${MKDIR} ${SITE_PERL}/Anomy/Sanitizer/
|
||||
${INSTALL_DATA} ${WRKSRC}/bin/Anomy/HTMLCleaner.pm ${SITE_PERL}/Anomy
|
||||
${INSTALL_DATA} ${WRKSRC}/bin/Anomy/Log.pm ${SITE_PERL}/Anomy
|
||||
${INSTALL_DATA} ${WRKSRC}/bin/Anomy/MIMEStream.pm ${SITE_PERL}/Anomy
|
||||
${INSTALL_DATA} ${WRKSRC}/bin/Anomy/Sanitizer.pm ${SITE_PERL}/Anomy
|
||||
${INSTALL_DATA} ${WRKSRC}/bin/Anomy/Sanitizer/FProt.pm ${SITE_PERL}/Anomy/Sanitizer/
|
||||
${INSTALL_DATA} ${WRKSRC}/bin/Anomy/Sanitizer/MacroScanner.pm ${SITE_PERL}/Anomy/Sanitizer/
|
||||
${INSTALL_DATA} ${WRKSRC}/bin/Anomy/Sanitizer/Scoring.pm ${SITE_PERL}/Anomy/Sanitizer/
|
||||
${INSTALL_SCRIPT} ${WRKSRC}/bin/sanitizer.pl ${PREFIX}/bin
|
||||
${INSTALL_SCRIPT} ${WRKSRC}/bin/simplify.pl ${PREFIX}/bin
|
||||
|
||||
post-install:
|
||||
${INSTALL_DATA} ${FILESDIR}/sanitizer.cfg.sample ${PREFIX}/etc/
|
||||
@${ECHO_MSG} ""
|
||||
@${ECHO_MSG} "Sample config installed at ${PREFIX}/etc/sanitizer.cfg.sample"
|
||||
@${ECHO_MSG} ""
|
||||
.if !defined(NOPORTDOCS)
|
||||
@${MKDIR} ${DOCSDIR}
|
||||
cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
|
||||
.endif
|
||||
|
||||
.include <bsd.port.mk>
|
1
mail/anomy-sanitizer/distinfo
Normal file
1
mail/anomy-sanitizer/distinfo
Normal file
@ -0,0 +1 @@
|
||||
MD5 (anomy-sanitizer-1.63.tar.gz) = 68cccc5a145ffb5f0faadcd971d96483
|
57
mail/anomy-sanitizer/files/sanitizer.cfg.sample
Normal file
57
mail/anomy-sanitizer/files/sanitizer.cfg.sample
Normal file
@ -0,0 +1,57 @@
|
||||
# Active features.
|
||||
#
|
||||
feat_boundaries = 0
|
||||
feat_files = 1
|
||||
feat_forwards = 1
|
||||
feat_html = 1
|
||||
feat_lengths = 1
|
||||
feat_log_inline = 1
|
||||
feat_log_stderr = 0
|
||||
feat_scripts = 1
|
||||
feat_trust_pgp = 0
|
||||
feat_uuencoded = 1
|
||||
feat_verbose = 1
|
||||
file_list_rules = 4
|
||||
#
|
||||
# Note: This directory must exist and be writable by
|
||||
# the user running the sanitizer.
|
||||
#
|
||||
file_name_tpl = /var/quarantine/att-$F-$T.$$
|
||||
|
||||
# Files we absolutely don't want (mostly executables).
|
||||
#
|
||||
file_list_1_scanner = 0
|
||||
file_list_1_policy = save
|
||||
file_list_1 = (?i)(winmail\.dat
|
||||
file_list_1 += |\.(exe|vb[es]|c(om|hm)|bat|pif|s(ys|cr))
|
||||
file_list_1 += (\.g?z|\.bz\d?)*)$
|
||||
|
||||
# Pure data, don't mangle this stuff (much).
|
||||
#
|
||||
file_list_2_scanner = 0
|
||||
file_list_2_policy = accept
|
||||
file_list_2 = (?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|p(df|cx)|bmp
|
||||
file_list_2 += |mp[32]|wav|au|ram?
|
||||
file_list_2 += |avi|mov|mpe?g
|
||||
file_list_2 += |t(xt|ex)|csv|l(og|yx)|sql|jtmpl
|
||||
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|pa(tch|s)|java|php\d?
|
||||
file_list_2 += |[ja]sp
|
||||
file_list_2 += |can|pos|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*$
|
||||
|
||||
file_list_3_scanner = 0
|
||||
file_list_3_policy = accept
|
||||
file_list_3 = ^[^\.]+$
|
||||
|
||||
# Scan WinWord and Excel attachments with built-in macro scanner.
|
||||
# We consider anything exceeding the score of 25 to be dangerous,
|
||||
# and save it in the quarantine.
|
||||
#
|
||||
file_list_4 = (?i)\.(doc|dot|xls|xlw)$
|
||||
file_list_4_policy = accept:accept:save:save
|
||||
file_list_4_scanner = 0:1:2:builtin/macro 25
|
||||
|
||||
|
||||
|
||||
# Default policy: accept, but mangle file name.
|
||||
#
|
||||
file_default_policy = defang
|
111
mail/anomy-sanitizer/files/sanitizer.cfg.sample2
Normal file
111
mail/anomy-sanitizer/files/sanitizer.cfg.sample2
Normal file
@ -0,0 +1,111 @@
|
||||
# Example configuration file for Anomy Sanitizer
|
||||
#
|
||||
# From http://advosys.ca/papers/postfix-filtering.html
|
||||
# Advosys Consulting Inc., Ottawa
|
||||
#
|
||||
# Works with Anomy Sanitizer revision 1.49
|
||||
|
||||
# Do not log to STDERR:
|
||||
feat_log_stderr = 0
|
||||
|
||||
# Don't insert log in the message itself:
|
||||
feat_log_inline = 0
|
||||
|
||||
# Advertisement to insert in each mail header:
|
||||
header_info = X-Sanitizer: Anomy Sanitizer mail filter
|
||||
header_url = 0
|
||||
header_rev = 0
|
||||
|
||||
# Enable filename based policy decisions:
|
||||
feat_files = 1
|
||||
|
||||
# Protect against buffer overflows and null values:
|
||||
feat_lengths = 1
|
||||
|
||||
# Replace MIME boundaries with our own:
|
||||
feat_boundaries = 1
|
||||
|
||||
# Fix invalid and ambiguous MIME boundaries, if possible:
|
||||
feat_fixmime = 1
|
||||
|
||||
# Trust signed and/or encrypted messages:
|
||||
feat_trust_pgp = 1
|
||||
msg_pgp_warning = WARNING: Unsanitized content follows.\n
|
||||
|
||||
# Defang shell scripts:
|
||||
feat_scripts = 0
|
||||
|
||||
# Defang active HTML:
|
||||
feat_html = 1
|
||||
|
||||
# Defang UUEncoded files:
|
||||
feat_uuencoded = 0
|
||||
|
||||
# Sanitize forwarded content too:
|
||||
feat_forwards = 1
|
||||
|
||||
# Testing? Set to 1 for testing, 0 for production:
|
||||
feat_testing = 0
|
||||
|
||||
# # Warn user about unscanned parts, etc.
|
||||
feat_verbose = 1
|
||||
|
||||
# Force all parts (except text/html parts) to
|
||||
# have file names.
|
||||
feat_force_name = 1
|
||||
|
||||
# Disable web bugs:
|
||||
feat_webbugs = 1
|
||||
|
||||
# Disable "score" based mail discarding:
|
||||
score_panic = 0
|
||||
score_bad = 0
|
||||
|
||||
msg_file_drop = \n*****\n
|
||||
msg_file_drop += NOTE: An attachment named %FILENAME was deleted from
|
||||
msg_file_drop += this message because it contained a windows executable
|
||||
msg_file_drop += or other potentially dangerous file type.
|
||||
msg_file_drop += Contact the system administrator for more information.
|
||||
|
||||
##
|
||||
## File attachment name mangling rules:
|
||||
##
|
||||
|
||||
# Specify the Anomy temp file and quarantine directory
|
||||
file_name_tpl = /var/spool/filter/att-$F-$T.$$
|
||||
|
||||
# Number of rulesets we are defining:
|
||||
file_list_rules = 2
|
||||
file_default_policy = defang
|
||||
|
||||
# Delete probably nasty attachments:
|
||||
file_list_1 = (?i)(winmail.dat)|
|
||||
file_list_1 += (\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
|
||||
file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
|
||||
file_list_1_policy = drop
|
||||
file_list_1_scanner = 0
|
||||
|
||||
# Allow known "safe" file types and those that will be
|
||||
# scanned by the user's desktop virus scanner:
|
||||
file_list_2 = (?i)\.
|
||||
# Word processor and document formats:
|
||||
file_list_2 += (doc|dot|txt|rtf|pdf|ps|htm|[sp]?html?
|
||||
# Spreadsheets:
|
||||
file_list_2 += |xls|xlw|xlt|csv|wk[1-4]
|
||||
# Presentation applications:
|
||||
file_list_2 += |ppt|pps|pot
|
||||
# Bitmap graphic files:
|
||||
file_list_2 += |jpe?g|gif|png|tiff?|bmp|psd|pcx
|
||||
# Vector graphics and diagramming:
|
||||
file_list_2 += |vsd|drw|cdr|swf
|
||||
# Multimedia:
|
||||
file_list_2 += |mp3|avi|mpe?g|mov|ram?|mid|ogg
|
||||
# Archives:
|
||||
file_list_2 += |zip|g?z|rar|tgz|bz2|tar
|
||||
# Source code:
|
||||
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)
|
||||
file_list_2_policy = accept
|
||||
file_list_2_scanner = 0
|
||||
|
||||
# Any file type not listed above gets renamed to prevent
|
||||
# ms outlook from auto-executing it.
|
18
mail/anomy-sanitizer/pkg-descr
Normal file
18
mail/anomy-sanitizer/pkg-descr
Normal file
@ -0,0 +1,18 @@
|
||||
The Anomy sanitizer is what most people would call
|
||||
"an email virus scanner". The most important jobs that the sanitizer
|
||||
can do for you - it can scan email attachments for viruses.
|
||||
|
||||
Other things it can do:
|
||||
- Disable potentially dangerous HTML code, such as javascript,
|
||||
within incoming email.
|
||||
- Protect you from email-based break-in attempts which exploit
|
||||
bugs in common email programs (Outlook, Eudora, Pine, ...).
|
||||
- Block or "mangle" attachments based on their file names.
|
||||
This way if you don't need to recieve e.g. visual basic scripts,
|
||||
then you don't have to worry about the security risk they imply
|
||||
(the ILOVEYOU virus was a visual basic program).
|
||||
This lets you protect yourself and your users from whole
|
||||
classes of attacks, instead of blocking individual exploits.
|
||||
|
||||
Author: Bjarni R. Einarsson <bre@netverjar.is>
|
||||
WWW: http://mailtools.anomy.net/
|
18
mail/anomy-sanitizer/pkg-plist
Normal file
18
mail/anomy-sanitizer/pkg-plist
Normal file
@ -0,0 +1,18 @@
|
||||
@comment $FreeBSD$
|
||||
bin/sanitizer.pl
|
||||
bin/simplify.pl
|
||||
etc/sanitizer.cfg.sample
|
||||
%%SITE_PERL%%/Anomy/HTMLCleaner.pm
|
||||
%%SITE_PERL%%/Anomy/Log.pm
|
||||
%%SITE_PERL%%/Anomy/MIMEStream.pm
|
||||
%%SITE_PERL%%/Anomy/Sanitizer.pm
|
||||
%%SITE_PERL%%/Anomy/Sanitizer/FProt.pm
|
||||
%%SITE_PERL%%/Anomy/Sanitizer/MacroScanner.pm
|
||||
%%SITE_PERL%%/Anomy/Sanitizer/Scoring.pm
|
||||
@dirrm %%SITE_PERL%%/Anomy/Sanitizer/
|
||||
@dirrm %%SITE_PERL%%/Anomy/
|
||||
%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.sanitizer
|
||||
%%PORTDOCS%%%%DOCSDIR%%/CREDITS
|
||||
%%PORTDOCS%%%%DOCSDIR%%/README.sanitizer
|
||||
%%PORTDOCS%%%%DOCSDIR%%/sanitizer.html
|
||||
%%PORTDOCS%%@dirrm %%DOCSDIR%%
|
Loading…
Reference in New Issue
Block a user