How to check for executables in ZIP-files with Anomy Sanitizer
Note: This information was written in the year 2005 - so it may be outdated!
The Anomy-Sanitizer will not scan for executables in ZIP-files by default. I wrote a tiny script to make this possible:
Insert in your anomy-config something like (you may need to adjust the other file_list-numbers in your config):
...
file_list_2 = (?i)\.(zip)$
file_list_2_policy = accept:save:save:save
file_list_2_scanner = 0:1:10:/scripts/checkinzip %FILENAME
...
Create a script (e.g. /scripts/checkinzip):
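#!/bin/bash
#
# No filename given
[ "$1" = "" ] && exit 10
# File not found
[ -f "$1" ] || exit 10
# Unpredictable temp file name (a guessable /var/tmp/checkinzip.$$ invites symlink attacks)
LIST=$(mktemp /var/tmp/checkinzip.XXXXXX) || exit 10
# Write the archive listing; an archive unzip cannot read counts as an error
if ! /usr/bin/unzip -l "$1" >"$LIST"; then
    rm "$LIST"
    exit 10
fi
# Exit 1 if any listed name ends in a blocked extension
if grep -q -E -i '\.(exe|com|vbs|scr|vbe|chm|bat|pif|sys)*$' "$LIST"; then
    rm "$LIST"
    exit 1
fi
rm "$LIST"
exit 0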
Then make this script executable for all users and you're ready to try it out.
For debugging, you may wish to comment out the 'rm' statements. The ZIP file listings then stay in /var/tmp, where you can inspect them after sending yourself a test mail from another system.
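A variant of the check, added here as an example (it is not the original author's script). It goes slightly beyond the script above: it reads bare member names with unzip -Z1 instead of the table printed by unzip -l, and it strips trailing dots and spaces, which Windows ignores when opening a file. The function names has_blocked_name and check_zip are made up for this example.

```bash
#!/bin/bash
# Added example (not the original script). Function names are hypothetical.
BLOCKED='exe|com|vbs|scr|vbe|chm|bat|pif|sys'   # same extension list as the page's script

# Reads member names, one per line, on stdin.
# Returns 0 if any name ends in a blocked extension, 1 otherwise.
has_blocked_name() {
    # Strip trailing dots and spaces first: Windows drops them on open,
    # so "a.exe." would otherwise slip past the end-of-line anchor.
    sed -e 's/[. ]*$//' | grep -E -i "\.(${BLOCKED})\$" >/dev/null
}

# Same exit-code contract as the page's script: 0 clean, 1 blocked, 10 error.
check_zip() {
    [ -n "$1" ] && [ -f "$1" ] || return 10
    # -Z1 (zipinfo mode) prints only member names, so no size/date columns
    # or header lines reach the pattern. An unreadable archive is an error.
    names=$(/usr/bin/unzip -Z1 "$1" 2>/dev/null) || return 10
    if printf '%s\n' "$names" | has_blocked_name; then
        return 1
    fi
    return 0
}

# To use it as the scanner script, end the file with:
#   check_zip "$1"; exit $?
```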
Copyright by Tobias Wiersch, 3D4X
Page last modified on: 23.01.2019