| Server IP : 127.0.0.2 / Your IP : 3.15.7.43 Web Server : Apache/2.4.18 (Ubuntu) System : User : www-data ( ) PHP Version : 7.0.33-0ubuntu0.16.04.16 Disable Function : disk_free_space,disk_total_space,diskfreespace,dl,exec,fpaththru,getmyuid,getmypid,highlight_file,ignore_user_abord,leak,listen,link,opcache_get_configuration,opcache_get_status,passthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,php_uname,phpinfo,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,pclose,popen,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,shell_exec,source,show_source,system,virtual MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/share/augeas/lenses/dist/tests/ |
Upload File : |
module Test_Mailscanner_Rules =
let conf = "# JKF 10/08/2007 Adobe Acrobat nastiness
rename \.fdf$ Dangerous Adobe Acrobat data-file Opening this file can cause auto-loading of any file from the internet
# JKF 04/01/2005 More Microsoft security vulnerabilities
deny \.ico$ Windows icon file security vulnerability Possible buffer overflow in Windows
allow \.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$ - -
deny+delete \.cur$ Windows cursor file security vulnerability Possible buffer overflow in Windows
andrew@baruwa.com,andrew@baruwa.net \.reg$ Possible Windows registry attack Windows registry entries are very dangerous in email
andrew@baruwa.com andrew@baruwa.net \.chm$ Possible compiled Help file-based virus Compiled help files are very dangerous in email
rename to .ppt \.pps$ Renamed .pps to .ppt Renamed .pps to .ppt
"
test Mailscanner_Rules.lns get conf =
{ "#comment" = "JKF 10/08/2007 Adobe Acrobat nastiness" }
{ "1"
{ "action" = "rename" }
{ "regex" = "\.fdf$" }
{ "log-text" = "Dangerous Adobe Acrobat data-file" }
{ "user-report" = "Opening this file can cause auto-loading of any file from the internet" }
}
{}
{ "#comment" = "JKF 04/01/2005 More Microsoft security vulnerabilities" }
{ "2"
{ "action" = "deny" }
{ "regex" = "\.ico$" }
{ "log-text" = "Windows icon file security vulnerability" }
{ "user-report" = "Possible buffer overflow in Windows" }
}
{ "3"
{ "action" = "allow" }
{ "regex" = "\.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$" }
{ "log-text" = "-" }
{ "user-report" = "-" }
}
{ "4"
{ "action" = "deny+delete" }
{ "regex" = "\.cur$" }
{ "log-text" = "Windows cursor file security vulnerability" }
{ "user-report" = "Possible buffer overflow in Windows" }
}
{ "5"
{ "action" = "andrew@baruwa.com,andrew@baruwa.net" }
{ "regex" = "\.reg$" }
{ "log-text" = "Possible Windows registry attack" }
{ "user-report" = "Windows registry entries are very dangerous in email" }
}
{ "6"
{ "action" = "andrew@baruwa.com andrew@baruwa.net" }
{ "regex" = "\.chm$" }
{ "log-text" = "Possible compiled Help file-based virus" }
{ "user-report" = "Compiled help files are very dangerous in email" }
}
{ "7"
{ "action" = "rename to .ppt" }
{ "regex" = "\.pps$" }
{ "log-text" = "Renamed .pps to .ppt" }
{ "user-report" = "Renamed .pps to .ppt" }
}