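# Anomy Mail Sanitizer configuration.
# One "key = value" setting per line; "key += value" appends to the value
# already assigned to that key. Comments are full lines starting with "#".

# Do not log to STDERR (inline and XML logging are off as well):
feat_log_stderr = 0
feat_log_inline = 0
feat_log_xml = 0

# Advertisement to insert in each mail header.
# header_url and header_rev are 0, so only the fixed X-Sanitizer text
# below is added.
header_info = X-Sanitizer: Anomy Mail Sanitizer
header_url = 0
header_rev = 0

# Enable filename based policy decisions (the file_list_* rulesets below):
feat_files = 1

# Protect against buffer overflows and null values:
feat_lengths = 1

# Fix invalid and ambiguous MIME boundaries, if possible:
feat_fixmime = 1

# Trust signed and/or encrypted messages.
# NOTE(review): with this set to 1 such parts are delivered without being
# sanitized; the recipient only sees msg_pgp_warning. Confirm that another
# control (e.g. endpoint scanning) covers this content.
feat_trust_pgp = 1
msg_pgp_warning = WARNING: Unsanitized content follows.\n

# Defang shell scripts:
feat_scripts = 1

# Defang active HTML.
# NOTE(review): the value is 0, so active HTML is NOT defanged. Confirm this
# is deliberate, and verify that feat_webbugs below still takes effect with
# HTML processing switched off.
feat_html = 0

# Defang UUEncoded files:
feat_uuencoded = 1

# Sanitize forwarded content too:
feat_forwards = 1

# Testing? Set to 1 for testing, 0 for production:
feat_testing = 0

# Warn user about unscanned parts, etc.
feat_verbose = 1

# Force all parts (except text/html parts) to
# have file names, so the filename rulesets below have a name to match.
feat_force_name = 1

# Disable web bugs:
feat_webbugs = 1

# Disable "score" based mail discarding.
# Both thresholds are 0, so no message is dropped on score alone; the
# filename rulesets below are the only attachment policy in this file.
score_panic = 0
score_bad = 0

# Define message for dropped files.
# %FILENAME is replaced with the name of the affected attachment.
msg_file_drop = \n*****\n
msg_file_drop += NOTE: An attachment named %FILENAME was deleted from this message\n
msg_file_drop += because it contained a windows executable or other potentially\n
msg_file_drop += dangerous file type.\n\n
msg_file_drop += Contact the system administrator for more information.\n

##
## File attachment name mangling rules:
##
## Rulesets are tried in numeric order and the first regexp that matches the
## attachment name decides its policy, so an extension listed in an earlier
## ruleset never reaches a later one.
##

# Specify the Anomy temp file and quarantine directory.
# NOTE(review): quarantined attachments are written here; the directory
# should be writable only by the account running the sanitizer and must not
# be served or executed from. $F, $T and $$ are template placeholders
# (presumably file name, timestamp and process id; confirm).
file_name_tpl = /var/opt/anomy/quarantine/att-$F-$T.$$

# Number of rulesets we are defining (must match the file_list_N groups below):
file_list_rules = 4

# Ruleset 1: quarantine dangerous attachments.
# Policy "save" moves the attachment to the quarantine location; scanner 0
# means no scanner is run for this ruleset.
file_list_1 = (?i)(winmail.dat)|
file_list_1 += (\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
file_list_1_policy = save
file_list_1_scanner = 0

# Ruleset 2: allow through some safe file types WITHOUT scanning.
# pdf is deliberately not listed here: it belongs to ruleset 3, and because
# the first matching ruleset wins, accepting it here would skip the virus
# scan for every PDF.
# NOTE(review): "reg" is treated as dangerous in ruleset 1 but is accepted
# here when followed by a compression suffix (.gz/.bz2); confirm that this
# entry, and the bare numeric extension (\d+), are intended.
file_list_2 = (?i)\.(gif|jpe?g|pn[mg]|x[pb]m|dvi|e?ps|pcx|bmp
file_list_2 += |mp[32]|wav|au|ram?
file_list_2 += |avi|mov|mpe?g
file_list_2 += |t(xt|ex)|csv|l(og|yx)|sql|jtmpl
file_list_2 += |[ch](pp|\+\+)?|s|inc|asm|pa(tch|s)|java|php\d?
file_list_2 += |[ja]sp
file_list_2 += |patch|diff
file_list_2 += |can|pos|ux|reg|kbf|xal|\d+)(\.g?z|\.bz\d?)*$
file_list_2_policy = accept
file_list_2_scanner = 0

# Ruleset 3: scan potentially dangerous filetypes and quarantine if infected.
# Scanner format is "status:status:status:command"; the four policies apply,
# in order, to exit status 0, 2, 3 and any other status.
# NOTE(review): exit status 2 is mapped to "accept"; confirm against
# check_for_virus that status 2 never indicates an infected file.
file_list_3 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|html|pdf
file_list_3 += |sxw|sxc
file_list_3 += |class|swf|upd|wp\d?|m?db
file_list_3 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
file_list_3 += )(\.g?z|\.bz\d?)*$
file_list_3_policy = accept:accept:save:save
file_list_3_scanner = 0:2:3:/opt/anomy/bin/check_for_virus %FILENAME

# Ruleset 4: scan everything else and mangle the file name (to prevent
# Outlook from auto-executing something).
# Same scanner and status mapping as ruleset 3, but clean files are
# defanged (renamed) instead of being accepted unchanged.
file_list_4 = (?i)(.*)
file_list_4_policy = defang:defang:save:save
file_list_4_scanner = 0:2:3:/opt/anomy/bin/check_for_virus %FILENAME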