[Mimedefang] Malformed MIME: A warning

Marc SCHAEFER schaefer at alphanet.ch
Fri Apr 26 03:05:46 EDT 2002


On Thu, 25 Apr 2002, Roberto Machado wrote:

>  a successful story on this matter? Is there any perl module easy to
>  integrate with Mimedefang?

no, but I use that:

    # For what remains, we will use the file(1) UNIX command.
    # Whatever is harmless will go through, whatever is dangerous
    # will get quarantined, and the rest will be defanged.

    my $magic_file_type = &get_magic_file_type($entity);
    if (defined($magic_file_type)) {
       my @array;

       &log_info("mimedefang-filter",
                 "INFO",
                 "Found magic file type: %"
                 . $magic_file_type
                 . "%");

       if (&load_regexp("/etc/mail/magic-file-types-passthrough-regexps",
                        \@array)) {
          if (&string_in_regexp(\@array, $magic_file_type)) {
             &log_info("mimedefang-filter", "INFO", "Accepting filetype");
             return action_accept();
          }
       }
       else {
          &log_info("mimedefang-filter",
                    "ERROR",
                    "/etc/mail/magic-file-types-passthrough-regexps load err");
       }
       if (&load_regexp("/etc/mail/magic-file-types-dangerous-regexps",
                        \@array)) {
          if (&string_in_regexp(\@array, $magic_file_type)) {
             &log_info("mimedefang-filter", "INFO", "Rejecting file type");
             action_notify_sender(
                "The attachment '$fname' was deleted. It contains\n"
                . "a Microsoft Windows executable, disguised, which is a security threat to Microsoft Windows\n"
                . "platforms. If you run UNIX, you are probably immune to those problems.\n"
                . "If you run Microsoft Windows, and you do not remember having sent\n"
                . "this attachment, please run a virus-checking software and refer to management.\n");
             return action_quarantine($entity,
                "An attachment named $fname was removed from this document as it\n"
                . "constituted a security hazard for Microsoft Windows environments.\n"
                . "If you do not run Microsoft Windows you are immune to this problem,\n"
                . "but in general you won't need this file anyway.\n"
                . "If you require this document, please contact\n"
                . "the sender and arrange an alternate means of receiving it.\n");
          }
       }
       else {
          &log_info("mimedefang-filter",
                    "ERROR",
                    "/etc/mail/magic-file-types-dangerous-regexps load err");
       }
    }



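sub get_magic_file_type {
   my($entity) = @_;
   my($body) = $entity->bodyhandle;

   # Entities without a body handle (e.g. multipart containers) have no file.
   return undef unless defined($body);

   # Get filename
   my ($file_name) = $body->path;
   return undef unless defined($file_name); # will be defanged.

   # Some kind of security.
   if (!&valid_file_parameter($file_name)) {
      &log_info("mimedefang-filter",
                 "WARN",
                 "security: file name bad: "
                 . $file_name);
      return undef; # will be defanged.
   }

   # List-form pipe open: file(1) is executed directly, without a shell,
   # so the file name is never interpreted as shell syntax. The "--"
   # stops file(1) from reading a leading "-" as an option.
   if (open(my $file_magic, "-|", "/usr/bin/file", "--", $file_name)) {
      my $magic_info = <$file_magic>;

      close($file_magic); # error ignored.

      # No output from file(1): treat as unknown, will be defanged.
      return undef unless defined($magic_info);

      chomp($magic_info);

      &log_info("mimedefang-filter", "INFO", "magic type: " . $magic_info);

      return $magic_info; # SUCCEEDED
   }
   else {
      print "Error opening: ", $!, "\n";
      &log_info("mimedefang-filter", "ERROR", "Error piping to file");
   }

   return undef;
}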


maybe one day I will resync with the current MIMEDefang development. My
version is quite different now.
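
The filter above calls three helpers it does not show: valid_file_parameter, load_regexp and string_in_regexp. As an added example that is not part of the original post, here is one way they could be written; the function bodies, the allowed character set and the sample list are assumptions.

```perl
# Added example: hypothetical bodies for helpers the post calls but does not show.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Allow only paths made of a conservative character set, with no ".."
# component. The exact character set is an assumption.
sub valid_file_parameter {
   my ($name) = @_;
   return 0 unless defined($name) && length($name);
   return 0 if $name =~ m{(?:^|/)\.\.(?:/|$)};
   return $name =~ m{\A[A-Za-z0-9_./+-]+\z} ? 1 : 0;
}

# Read one regexp per line into @$out; blank lines and "#" comments are
# skipped. Returns 0 if the file cannot be read or a pattern is invalid,
# so the caller logs an error and falls through to the defang default.
sub load_regexp {
   my ($path, $out) = @_;
   @$out = ();
   open(my $fh, '<', $path) or return 0;
   while (my $line = <$fh>) {
      chomp($line);
      next if $line =~ /\A\s*(?:#|\z)/;
      my $re = eval { qr/$line/ };
      if (!defined($re)) { close($fh); @$out = (); return 0; }
      push(@$out, $re);
   }
   close($fh);
   return 1;
}

sub string_in_regexp {
   my ($list, $string) = @_;
   foreach my $re (@$list) { return 1 if $string =~ $re; }
   return 0;
}

# Constructed sample data: a dangerous-types list and two file(1) output lines.
my ($tmp, $tmp_name) = tempfile(UNLINK => 1);
print $tmp "# constructed sample list\nMS-DOS executable\nPE32\\b\n";
close($tmp);
my @dangerous;
load_regexp($tmp_name, \@dangerous) or die "load failed\n";
foreach my $magic ("Work/part2: PE32 executable (GUI) Intel 80386",
                   "Work/part3: PNG image data, 640 x 480") {
   printf("%-50s %s\n", $magic,
          string_in_regexp(\@dangerous, $magic) ? "quarantine" : "not listed");
}
```

Because file(1) prints "path: description", the patterns are matched against the whole line, path included, so they should be specific enough not to match on the path part.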





