HEX
Server: Apache
System: Linux dinesh8189 5.15.98-grsec-sharedvalley-2.lc.el8.x86_64 #1 SMP Thu Mar 9 09:07:30 -03 2023 x86_64
User: cgmgerenciamento1 (814285)
PHP: 8.1.26
Disabled: apache_child_terminate,dl,escapeshellarg,escapeshellcmd,exec,link,mail,openlog,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_check_syntax,php_strip_whitespace,popen,proc_close,proc_open,shell_exec,symlink,system
$ pwd: /opt/puppetlabs/puppet/share/augeas/lenses/dist/tests/
Upload Files
File: //opt/puppetlabs/puppet/share/augeas/lenses/dist/tests/test_mailscanner_rules.aug
module Test_Mailscanner_Rules =
let conf = "# JKF 10/08/2007 Adobe Acrobat nastiness
rename	\.fdf$			Dangerous Adobe Acrobat data-file						Opening this file can cause auto-loading of any file from the internet

# JKF 04/01/2005 More Microsoft security vulnerabilities
deny	\.ico$			Windows icon file security vulnerability					Possible buffer overflow in Windows
allow	\.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$	-	-
deny+delete	\.cur$			Windows cursor file security vulnerability					Possible buffer overflow in Windows
andrew@baruwa.com,andrew@baruwa.net	\.reg$		Possible Windows registry attack						Windows registry entries are very dangerous in email
andrew@baruwa.com andrew@baruwa.net	\.chm$		Possible compiled Help file-based virus						Compiled help files are very dangerous in email
rename to .ppt	\.pps$		Renamed .pps to .ppt							Renamed .pps to .ppt
"

test Mailscanner_Rules.lns get conf =
    { "#comment" = "JKF 10/08/2007 Adobe Acrobat nastiness" }
    { "1"
        { "action" = "rename" }
        { "regex" = "\.fdf$" }
        { "log-text" = "Dangerous Adobe Acrobat data-file" }
        { "user-report" = "Opening this file can cause auto-loading of any file from the internet" }
    }
    {}
    { "#comment" = "JKF 04/01/2005 More Microsoft security vulnerabilities" }
    { "2"
        { "action" = "deny" }
        { "regex" = "\.ico$" }
        { "log-text" = "Windows icon file security vulnerability" }
        { "user-report" = "Possible buffer overflow in Windows" }
    }
    { "3"
        { "action" = "allow" }
        { "regex" = "\.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$" }
        { "log-text" = "-" }
        { "user-report" = "-" }
    }
    { "4"
        { "action" = "deny+delete" }
        { "regex" = "\.cur$" }
        { "log-text" = "Windows cursor file security vulnerability" }
        { "user-report" = "Possible buffer overflow in Windows" }
    }
    { "5"
        { "action" = "andrew@baruwa.com,andrew@baruwa.net" }
        { "regex" = "\.reg$" }
        { "log-text" = "Possible Windows registry attack" }
        { "user-report" = "Windows registry entries are very dangerous in email" }
    }
    { "6"
        { "action" = "andrew@baruwa.com andrew@baruwa.net" }
        { "regex" = "\.chm$" }
        { "log-text" = "Possible compiled Help file-based virus" }
        { "user-report" = "Compiled help files are very dangerous in email" }
    }
    { "7"
        { "action" = "rename to .ppt" }
        { "regex" = "\.pps$" }
        { "log-text" = "Renamed .pps to .ppt" }
        { "user-report" = "Renamed .pps to .ppt" }
    }
@ Telegram