Welcome to AVAcl...
Avacl is a (one hopes) simple program which gives you a finer degree of control over
various aspects of email scanners such as AMaViS and Inflex. This includes per-user or
per-domain relaxations of file type or name blocking, as well as enforcing total email
blocking on a per-user/domain level.
Status
Avacl is currently in the ALPHA development phase. It's fully functional, but its
purpose/design may change.
How it works
Avacl uses the following command line parameters...
avacl -s <sender> (email address of sender)
-r <receiver> (email address of recipient)
-n <filename> (name of file we're testing)
-t <filetype> (the type as returned by 'file' of the file)
[-c <AVAcl configuration file> (default is /usr/local/avacl/avacl.conf)]
[-v Be verbose about results]
[-V (get the version)]
[-h (help)]
A typical command line invocation might look like...
avacl -s pldaniels@pldaniels.com -r joe@nowhere.co.za -n unknown.doc -t "`file unknown.doc`"
The result of the scan is available in two ways.
- The exit status of the avacl command will have a bit set for each
test pass/fail result, in the following order (starting from the LSB)...
- Type blocking
- Name blocking
- Text-content blocking
- Size blocking
- User/domain blocking
- By selecting the '-v' flag for Avacl, you can get a verbose result as follows
type=?:name=?:text=?:size=?:user=?
Where '?' will be '0' if test passed and greater than 0 if it failed.
Support files
Avacl requires the following support files (typically installed into /usr/local/avacl)
- filetype.block - contains file types to block and respective comments
- filename.block - contains file names to block and respective comments
- filetext.block - contains file text-strings to block and respective comments
- users.db - contains additional per-user/domain restriction relaxations or increments
- avacl.conf - Configuration file specifying the location of the above files and various other items.
Format of users.db
The users.db file contains a single user/domain entry per line. The format of the line is as follows...
<username/domainname>[:b][:z<kbyte-size>][:t<file type to release>][:n<file name to release>]
Thus, a line of...
pldaniels.com:z9000:tEXE:njunk.bmp:nprettypark.exe:tMOV
gives anyone with a domain name of pldaniels.com a maximum email size limit of 9000kb,
allows EXE's to pass, allows junk.bmp file to pass, allows prettypark.exe to pass and allows
MOV files to pass.
In contrast, a line as follows...
spammers.com:b
will block all emails from/to spammers.com.
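The line format above can be checked mechanically before a users.db change goes live. The parser below is an added example, not part of Avacl: the names AclEntry, parse_entry and relaxations are hypothetical, and it assumes options are separated only by ':' and that user, type and file names contain no ':'.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AclEntry:
    who: str                                            # user or domain name (first field)
    block_all: bool = False                             # ":b"
    max_kb: Optional[int] = None                        # ":z<kbyte-size>"
    release_types: list = field(default_factory=list)   # ":t<file type>"
    release_names: list = field(default_factory=list)   # ":n<file name>"

def parse_entry(line: str) -> AclEntry:
    """Parse one users.db line; reject anything outside the documented format."""
    who, *options = line.strip().split(":")
    if not who:
        raise ValueError(f"missing user/domain name: {line!r}")
    entry = AclEntry(who)
    for opt in options:
        flag, value = opt[:1], opt[1:]
        if flag == "b" and not value:
            entry.block_all = True
        elif flag == "z" and value.isdigit():
            entry.max_kb = int(value)
        elif flag == "t" and value:
            entry.release_types.append(value)
        elif flag == "n" and value:
            entry.release_names.append(value)
        else:
            raise ValueError(f"unrecognised option {opt!r} in {line!r}")
    return entry

def relaxations(lines):
    """Return {who: (types, names)} for every entry that releases something."""
    found = {}
    for line in filter(str.strip, lines):   # skip blank lines
        e = parse_entry(line)
        if e.release_types or e.release_names:
            found[e.who] = (e.release_types, e.release_names)
    return found

# The two example lines from this page, plus one constructed per-user entry.
SAMPLE = ["pldaniels.com:z9000:tEXE:njunk.bmp:nprettypark.exe:tMOV",
          "spammers.com:b",
          "joe@nowhere.co.za:z500"]

if __name__ == "__main__":
    for who, (types, names) in relaxations(SAMPLE).items():
        print(f"{who}: releases types {types}, names {names}")
```

Running relaxations over the whole file gives a short list of every user or domain allowed to receive otherwise blocked attachments, which is the part of users.db most worth reviewing.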
Licence
Avacl is licenced under a BSD style licence.
Download
Things to do
- Finish off documentation
- Create built in use of FILE command
- Incorporate as part of Ebola project
Contacts...
You can contact the author (Paul L Daniels) via email on pldaniels@pldaniels.com.
Other software written by Paul L Daniels...
- Inflex - Sendmail based Bidirectional email scanner.
- jslice - Image slicer and table generator for HTML.
- ripMIME - MIME attachment extractor for email.
- ebola - AV Script to AV Scanning engine bridge.
- pppdropper - PPP line utilisation based dropper.
- cInflex - Commercial version of Inflex, written in C (includes ACLs).