Univention Bugzilla – Bug 32387
Review default configuration of Dansguardian for banned extensions/MIME types
Last modified: 2017-08-08 07:09:24 CEST
If content scan has been enabled in Dansguardian using squid/contentscan the attached list of extensions is banned by default: (/etc/dansguardian/lists/bannedextensionlist)

The default configuration should be reviewed/trimmed down.

- It blocks .doc and .xls by default (but not the dozens of other file types potentially containing macros). It's the job of the office application to enforce a macro policy, this isn't something the proxy should enforce by default.
- It has a list of extensions labeled "Time/bandwidth wasting files", which blocks some multimedia files or ISO images. There are endless valid use cases for these, so this shouldn't be in the default banned policy.

Some of the extensions for executable files seem fishy as well, e.g. "crt" or "otf".
Created attachment 5397: Default list of blocked extensions
The same applies for the variable dansguardian/groups/.*/banned/mimetypes: By default a fairly obscure list of multimedia MIME extensions is blocked:

- audio/mpeg
- audio/x-mpeg
- audio/x-pn-realaudio
- audio/x-wav
- video/mpeg
- video/x-mpeg2
- video/acorn-replay
- video/quicktime
- video/x-msvideo
- video/msvideo
- application/gzip
- application/x-gzip
- application/zip
- application/compress
- application/x-compress
- application/java-vm

Multimedia files should be blocked by default (and the list is totally ancient!) and MIME types for executable files are not present.
Feedback from a customer from a technical training who tried to use the content scanning in the company confirms that: Using the web is unusable with the default configuration since far too many (harmless) files and extensions are blocked. Unfortunately the list can only be relaxed by editing the UCR templates. I suppose this is also the reason for the performance problems mentioned in Bug 27777.
*** Bug 37340 has been marked as a duplicate of this bug. ***
*** Bug 37329 has been marked as a duplicate of this bug. ***
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 3.1. UCS 3.1 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.