[Mimedefang] defang_mime = 1 in spamassassin.cf with MIMEdefang

Mike Batchelor mikebat at tmcs.net
Thu Apr 4 17:49:48 EST 2002 

--On Thursday, April 04, 2002 11:40 AM -0800 Mike Batchelor 
<mikebat at tmcs.net> wrote:

> I do the Spamassassin checks in filter_begin(), straight from the
> MIMEdefang Tips page on RoaringPenguin, with slight changes:

Never mind that.  I was confused about where the code originates.  Here is 
my mimedefang-filter in total.  Why are text/html spams not changed to 
text/plain, a la Spamassassin, but using MIMEdefang code to do it?  If I 
set a variable in filter_begin(), should't its value be accessible in 
filter()?  Or is variable scope not related to my problem here?  I'm a perl 
newbie, forgive me. :(

$Administrator = 'abuse at bv.to';
$DaemonAddress = 'abuse at bv.to';
$Stupidity{"flatten"} = 0;
$Stupidity{"NoMultipleInlines"} = 1;
sub filter_begin {
    # ALWAYS drop messages with suspicious chars in headers or body
    if ($SuspiciousCharsInHeaders || $SuspiciousCharsInBody) {
        action_quarantine_entire_message();
        if ($SuspiciousCharsInHeaders) {
            action_notify_administrator("Message quarantined because of 
suspicious characters in headers");
        } else {
            action_notify_administrator("Message quarantined because of 
suspicious characters in body");
        }
        # Do NOT allow message to reach recipient(s)
        action_discard();
    }

    # Spam checks
    $foundSpam = "no";
    if ((-s "./INPUTMSG") <= (50 * 1024)) {
      my($hits, $req, $names, $report) = spam_assassin_check();
      if ($hits >= $req) {
        action_add_header("X-Spam-Detect", "HIGH");
        action_add_header("X-Spam-Status", "Yes, hits=$hits required=$req");
        $foundSpam = "yes";
      } else {
        action_add_header("X-Spam-Status", "No, hits=$hits required=$req");
      }
      action_add_header("X-Spam-Report","$report");
    }
}

sub filter {
    my($entity, $fname, $ext, $type) = @_;
    if (re_match_ext($entity, 
'^\.(bat|chm|cmd|com|cpl|dll|eml|exe|hlp|hta|ini|js|lib|lnk|msi|msp|ocx|pif
|reg|reg|scr|sct|shb|shs|sys|vbe|vbs?|vxd|wsf|wsh)$')) {
        return action_quarantine($entity, "An attachment named $fname was 
removed from this document as it\nconstituted a security hazard.  If you 
require this document, please contact\nthe sender and arrange an alternate 
means of receiving it.\n");
    }

    # If Spamassassin found spam, convert text/html to text/plain
    if ($foundSpam eq "yes") {
      if ($type eq "text/html") {
        $entity->head->mime_attr("content-type" => "text/plain");
      }
    }
    return action_accept();
}
sub defang_warning {
    my($oldfname, $fname) = @_;
    return
        "An attachment named '$oldfname' was converted to '$fname'.\n" .
        "To recover the file, right-click on the attachment and Save As\n" .
        "'$oldfname'\n";
}
1;



---
"The avalanche has already begun. It is too late for the pebbles to vote."
 -- Kosh

More information about the MIMEDefang mailing list