[irc/unrealircd/unrealircd.git] / dccallow.conf

/* Example of a possible semi-secure /DCCALLOW configuration written by Syzop.
 * $Id$
 *
 * Actually nothing is *100% secure*... there could still be
 * bugs in the software itself (think: a winamp bug that can
 * be exploited via an mp3, or: a wmplayer bug that can be
 * exploited via a specially crafted .wmv, etc..).
 * If you are really that paranoid you could just remove
 * all 'allow dcc'-blocks and prompt the user for EVERY file ;).
 * 
 * Still, I think this file is a good tradeoff between userfriendlyness
 * and security. Note that when you try to only DENY specific
 * file type (exe, com, etc) you are *guaranteed* to miss ones
 * (like: did you know .r17 gets treated as a rar archive?
 *  and that an exe can be disguished as .cmd which is executable
 *  on nt/w2k/xp?)
 */

/* first.. deny everything, then allow known-good stuff... */
deny dcc { filename "*"; reason "Possible executable content"; soft yes; };
/* common image formats */
allow dcc { filename "*.jpg"; soft yes; };
allow dcc { filename "*.jpeg"; soft yes; };
allow dcc { filename "*.gif"; soft yes; };
allow dcc { filename "*.png"; soft yes; };
allow dcc { filename "*.bmp"; soft yes; };
/* audio / video (but not scripted/playlists!) */
allow dcc { filename "*.mp1"; soft yes; };
allow dcc { filename "*.mp2"; soft yes; };
allow dcc { filename "*.mp3"; soft yes; };
allow dcc { filename "*.mpg"; soft yes; };
allow dcc { filename "*.mpeg"; soft yes; };
allow dcc { filename "*.m1v"; soft yes; };
allow dcc { filename "*.m2v"; soft yes; };
allow dcc { filename "*.vob"; soft yes; };
allow dcc { filename "*.wav"; soft yes; };
/* text / misc */
allow dcc { filename "*.txt"; soft yes; };
allow dcc { filename "*.log"; soft yes; };
allow dcc { filename "*.pdf"; soft yes; };
allow dcc { filename "*.c"; soft yes; };
allow dcc { filename "*.cpp"; soft yes; };
Commit	Line	Data
6ec3822c BM	1	/* Example of a possible semi-secure /DCCALLOW configuration written by Syzop.
	2	* $Id$
	3	*
	4	* Actually nothing is 100% secure... there could still be
	5	* bugs in the software itself (think: a winamp bug that can
	6	* be exploited via an mp3, or: a wmplayer bug that can be
	7	* exploited via a specially crafted .wmv, etc..).
	8	* If you are really that paranoid you could just remove
	9	* all 'allow dcc'-blocks and prompt the user for EVERY file ;).
	10	*
	11	* Still, I think this file is a good tradeoff between userfriendlyness
	12	* and security. Note that when you try to only DENY specific
	13	* file type (exe, com, etc) you are guaranteed to miss ones
	14	* (like: did you know .r17 gets treated as a rar archive?
	15	* and that an exe can be disguished as .cmd which is executable
	16	* on nt/w2k/xp?)
	17	*/
	18
	19	/* first.. deny everything, then allow known-good stuff... */
	20	deny dcc { filename "*"; reason "Possible executable content"; soft yes; };
	21	/* common image formats */
	22	allow dcc { filename "*.jpg"; soft yes; };
	23	allow dcc { filename "*.jpeg"; soft yes; };
	24	allow dcc { filename "*.gif"; soft yes; };
	25	allow dcc { filename "*.png"; soft yes; };
47f3c432	26	allow dcc { filename "*.bmp"; soft yes; };
6ec3822c BM	27	/* audio / video (but not scripted/playlists!) */
	28	allow dcc { filename "*.mp1"; soft yes; };
	29	allow dcc { filename "*.mp2"; soft yes; };
	30	allow dcc { filename "*.mp3"; soft yes; };
	31	allow dcc { filename "*.mpg"; soft yes; };
	32	allow dcc { filename "*.mpeg"; soft yes; };
	33	allow dcc { filename "*.m1v"; soft yes; };
	34	allow dcc { filename "*.m2v"; soft yes; };
47f3c432	35	allow dcc { filename "*.vob"; soft yes; };
6ec3822c	36	allow dcc { filename "*.wav"; soft yes; };
6ec3822c BM	37	/* text / misc */
6ec3822c BM	38	allow dcc { filename "*.txt"; soft yes; };
47f3c432	39	allow dcc { filename "*.log"; soft yes; };
6ec3822c BM	40	allow dcc { filename "*.pdf"; soft yes; };
	41	allow dcc { filename "*.c"; soft yes; };
	42	allow dcc { filename "*.cpp"; soft yes; };