[Mimedefang] logging the name of quarantine directory

Tony Nugent tony at linuxworks.com.au
Wed Aug 28 22:01:01 EDT 2002


When a message (or an attachment) is quarantined, at the point where
the filter decides to do that (before any calls to either of the
action_quarantine_*() functions have been made), I would like to
generate syslogs that look something like:

 VIRUS (name) to [recipients] from [sender] discarded and quarantined in [qdir]
 BAD ATTACHMENT (fname.ext) to [recipients] from [sender] removed and quarantined in [qdir]
 SPAM (>12) to [recipients] from [sender] discarded and quarantined in [qdir]

I have found (in mimedefang.pl) that if I call get_quarantine_dir()
at the point where I want to generate the log message, the variable
$QuarantineSubdir is set for that message - which is exactly what I
need... so I call that first, then I can use that variable in the
syslog() call.  (If the function is called again with
$QuarantineSubdir defined, then it simply returns without changing
it, good).

This seems to work just fine, the qdir is correctly named in the
logs.

  Doing this makes it easy for a simple grep to produce good
  activity summaries (eg, from cron jobs), it gives me a useful way
  to differentiate which directories have viruses, spam or bad
  attachments, and the variable can also be used to set
  $QuarantineSubject for notifications.

However, this function is an "undocumented" feature... is calling
get_quarantine_dir() like this a "safe" thing to do, before any of
the action_quarantine_*() calls?

David, I would find it useful if $QuarantineSubdir was already set
for a message as a "standard global variable"... I would not then
need to worry about doing any calls to get_quarantine_dir() at all.

Also, if just the timestamp part of the qdir name (the part that
varies) is always available as a sort of internal "serial number"
for that particular message (eg, to insert into a header or syslog
message), then I'd also find this very useful for message
tracking/matching purposes (especially if it correlates with the
qdir name).

Is sendmail's ID for a message (eg "g7R2THkN015509") available to
the filter?


BTW, I went ahead and set up an IMAP-based general-access "spammer"
mailbox which gets all the high-scoring spam (as I described in a
recent previous message regarding spam management), and it works
just fine for doing local small-scale spam-trap management. :)

Cheers
Tony
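
The grep-style activity summary described in the message above, as an added example that is not part of the original post or of MIMEDefang. It assumes the square brackets and parentheses in the proposed log format are emitted literally; the syslog prefix, addresses, names and quarantine directory paths are constructed sample data.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the log format proposed in the post.
# The last filter line has an attachment name that itself contains the
# words "quarantined in", which would confuse a naive grep/cut pipeline.
SAMPLE_LOG = """\
Aug 28 22:01:01 mail mimedefang.pl[1201]: VIRUS (Example.Worm) to [alice@example.com] from [x@example.net] discarded and quarantined in /quarantine/qdir-0001
Aug 28 22:03:10 mail mimedefang.pl[1201]: BAD ATTACHMENT (invoice.exe) to [bob@example.com] from [y@example.net] removed and quarantined in /quarantine/qdir-0002
Aug 28 22:04:55 mail mimedefang.pl[1202]: SPAM (>12) to [alice@example.com, bob@example.com] from [z@example.org] discarded and quarantined in /quarantine/qdir-0003
Aug 28 22:05:00 mail sendmail[1300]: g7R2THkN015509: from=<q@example.org>, size=1024
Aug 28 22:06:12 mail mimedefang.pl[1202]: BAD ATTACHMENT (quarantined in old.exe) to [c@example.com] from [w@example.net] removed and quarantined in /quarantine/qdir-0004
"""

# The category is taken from the start of the message and the directory
# from the end of the line: both are written by the filter, while the
# name, recipient and sender fields in between come from the mail itself.
LINE_RE = re.compile(
    r": (?P<kind>VIRUS|BAD ATTACHMENT|SPAM) "
    r"\((?P<detail>.*)\) to \[(?P<rcpt>[^\]]*)\] from \[(?P<sender>[^\]]*)\] "
    r"(?P<action>discarded|removed) and quarantined in (?P<qdir>\S+)$"
)

def parse(log_text):
    """Return one dict per quarantine log line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events

def summarize(events):
    """Count events per category and list the quarantine dirs for each."""
    counts = Counter(e["kind"] for e in events)
    dirs = defaultdict(list)
    for e in events:
        dirs[e["kind"]].append(e["qdir"])
    return counts, dict(dirs)

if __name__ == "__main__":
    counts, dirs = summarize(parse(SAMPLE_LOG))
    for kind in sorted(counts):
        print(f"{kind}: {counts[kind]}")
        for qdir in dirs[kind]:
            print(f"  {qdir}")
```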


