Add Tmpl.Scan options for anti-phishing rules #788

Closed
wants to merge 3 commits into from

Collaborator

@isaak654 isaak654 commented Apr 15, 2021

With this commit, automatic detection of anti-phishing rules per browser is achieved through appropriate scan options, so it deprecates the use of Firefox_Phishing_DirectAccess and Chrome_Phishing_DirectAccess as default templates.

By approving this commit, the decision to accept these templates is delegated to the user after the upgrade through the Software Compatibility tab (the #4337 reference will be replaced with 'Allow direct access to xxx phishing database'):
[Image: Software_compatibility_tab]

I successfully tested the detection of all browsers supported by Sandboxie, including Firefox and Edge.
The first one was a bit hard to recognize automatically in Classic's Software Compatibility, but it was sufficient to apply and uncheck Firefox_Phishing_DirectAccess twice in DefaultBox settings.

New configurations will benefit from this change, and so will all old configurations cleaned of the Firefox_Phishing_DirectAccess and Chrome_Phishing_DirectAccess references inside sandboxes.

Automatic detection of anti-phishing rules per browser is achieved through scan options, so this deprecates the use of Firefox_Phishing_DirectAccess and Chrome_Phishing_DirectAccess as default templates.
@APMichael
Contributor

JFYI: In the past, the asterisk "*" after "safebrowsing" was necessary. The update was done via temporary files or folders. Without the asterisk "*", the update then always failed.

@isaak654
Collaborator Author

isaak654 commented Apr 16, 2021

@APMichael
Thank you for the info. I don't want to take any risk, so I'll edit the commit accordingly.

Most likely blocklist.xml and cert9.db will stay the same, because some known trojans rename them.

@APMichael
Contributor

Yes, "blocklist.xml" and "cert9.db" work fine. These do not need an asterisk.

@isaak654
Collaborator Author

isaak654 commented Apr 19, 2021

I extensively tested the detection for all supported browsers, so this pull request is not a work in progress anymore.
Now it's up to @DavidXanatos, but obviously any review is appreciated.

UPDATE:
If you want to set those browsers with a per-sandbox approach, I don't have any objection... I assume it requires some changes regarding the implementation of Tmpl.Scan options (they are responsible for setting the templates as global in any case).

You might want to consider adding a new Scan option in order to exclude this behavior.

@isaak654 isaak654 marked this pull request as ready for review April 19, 2021 01:10
@isaak654 isaak654 added the ToDo To be done label Jun 7, 2021
@isaak654 isaak654 changed the title Split anti-phishing rules per browser Split anti-phishing rules per browser (with Tmpl.Scan options) Jun 13, 2021
@isaak654 isaak654 changed the title Split anti-phishing rules per browser (with Tmpl.Scan options) Add Tmpl.Scan options for anti-phishing rules Jun 15, 2021
@isaak654 isaak654 added Confirmation Pending Further confirmation is requested and removed ToDo To be done labels Jun 21, 2021
@isaak654 isaak654 requested a review from DavidXanatos June 23, 2021 21:14
@isaak654
Collaborator Author

Nobody seems interested in this PR, so it's time to close.

If anyone wants, just let me know here and I'll recreate these changes in a new PR.

@isaak654 isaak654 closed this Sep 12, 2021
Labels
Confirmation Pending Further confirmation is requested Feature Request New feature or idea