docker-unrealircd/conf/dccallow.conf

/* Example of a possible semi-secure /DCCALLOW configuration written by Syzop.
 * $Id$
 *
 * Actually nothing is *100% secure*... there could still be
 * bugs in the software itself (think: a winamp bug that can
 * be exploited via an mp3, or: a wmplayer bug that can be
 * exploited via a specially crafted .wmv, etc..).
 * If you are really that paranoid you could just remove
 * all 'allow dcc'-blocks and prompt the user for EVERY file ;).
 * 
 * Still, I think this file is a good tradeoff between userfriendlyness
 * and security. Note that when you try to only DENY specific
 * file type (exe, com, etc) you are *guaranteed* to miss ones
 * (like: did you know .r17 gets treated as a rar archive?
 *  and that an exe can be disguished as .cmd which is executable
 *  on nt/w2k/xp?)
 */

/* first.. deny everything, then allow known-good stuff... */
deny dcc { filename "*"; reason "Possible executable content"; soft yes; }
/* common image formats */
allow dcc { filename "*.jpg"; soft yes; }
allow dcc { filename "*.jpeg"; soft yes; }
allow dcc { filename "*.gif"; soft yes; }
allow dcc { filename "*.png"; soft yes; }
allow dcc { filename "*.bmp"; soft yes; }
/* audio / video (but not scripted/playlists!) */
allow dcc { filename "*.mp1"; soft yes; }
allow dcc { filename "*.mp2"; soft yes; }
allow dcc { filename "*.mp3"; soft yes; }
allow dcc { filename "*.mpg"; soft yes; }
allow dcc { filename "*.mpeg"; soft yes; }
allow dcc { filename "*.m1v"; soft yes; }
allow dcc { filename "*.m2v"; soft yes; }
allow dcc { filename "*.vob"; soft yes; }
allow dcc { filename "*.wav"; soft yes; }
/* text / misc */
allow dcc { filename "*.txt"; soft yes; }
allow dcc { filename "*.log"; soft yes; }
allow dcc { filename "*.pdf"; soft yes; }
allow dcc { filename "*.c"; soft yes; }
allow dcc { filename "*.cpp"; soft yes; }
Initial 2021-10-12 02:40:30 +03:00			`/* Example of a possible semi-secure /DCCALLOW configuration written by Syzop.`
			`* $Id$`
			`*`
			`* Actually nothing is 100% secure... there could still be`
			`* bugs in the software itself (think: a winamp bug that can`
			`* be exploited via an mp3, or: a wmplayer bug that can be`
			`* exploited via a specially crafted .wmv, etc..).`
			`* If you are really that paranoid you could just remove`
			`* all 'allow dcc'-blocks and prompt the user for EVERY file ;).`
			`*`
			`* Still, I think this file is a good tradeoff between userfriendlyness`
			`* and security. Note that when you try to only DENY specific`
			`* file type (exe, com, etc) you are guaranteed to miss ones`
			`* (like: did you know .r17 gets treated as a rar archive?`
			`* and that an exe can be disguished as .cmd which is executable`
			`* on nt/w2k/xp?)`
			`*/`

			`/* first.. deny everything, then allow known-good stuff... */`
			`deny dcc { filename "*"; reason "Possible executable content"; soft yes; }`
			`/* common image formats */`
			`allow dcc { filename "*.jpg"; soft yes; }`
			`allow dcc { filename "*.jpeg"; soft yes; }`
			`allow dcc { filename "*.gif"; soft yes; }`
			`allow dcc { filename "*.png"; soft yes; }`
			`allow dcc { filename "*.bmp"; soft yes; }`
			`/* audio / video (but not scripted/playlists!) */`
			`allow dcc { filename "*.mp1"; soft yes; }`
			`allow dcc { filename "*.mp2"; soft yes; }`
			`allow dcc { filename "*.mp3"; soft yes; }`
			`allow dcc { filename "*.mpg"; soft yes; }`
			`allow dcc { filename "*.mpeg"; soft yes; }`
			`allow dcc { filename "*.m1v"; soft yes; }`
			`allow dcc { filename "*.m2v"; soft yes; }`
			`allow dcc { filename "*.vob"; soft yes; }`
			`allow dcc { filename "*.wav"; soft yes; }`
			`/* text / misc */`
			`allow dcc { filename "*.txt"; soft yes; }`
			`allow dcc { filename "*.log"; soft yes; }`
			`allow dcc { filename "*.pdf"; soft yes; }`
			`allow dcc { filename "*.c"; soft yes; }`
			`allow dcc { filename "*.cpp"; soft yes; }`