[Mimedefang] filter timeout! what timeout values are you using?

Douglas J Hunley doug at hunley.homeip.net
Sun Jun 16 10:24:46 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

just wondering what most people are using for timeout values to avoid the 
dreaded 'filter timed out' messages. anyone? 
I've attached my filter, in case the timeouts are filter related and I don't 
need to adjust my timeout values. thanks in advance
- -- 
Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778
Admin: Linux StepByStep - http://www.linux-sxs.org
	and http://jobs.linux-sxs.org

panic("kmem_cache_init(): Offsets are wrong - I've been messed with!");
	2.2.16 /usr/src/linux/mm/slab.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9DJ+uSrrWWknCnMIRAj7PAJ9tkB4DGrFr+3+zVRJaZcyRC0nlegCgna+w
fAd8Dn+POsJJ1ikkEFrbmSQ=
=mFlp
-----END PGP SIGNATURE-----
-------------- next part --------------
# -*- Perl -*-
#***********************************************************************
#
# mimedefang-filter
#
#***********************************************************************

#***********************************************************************
# Set administrator's e-mail address here.  The administrator receives
# quarantine messages and is listed as the contact for site-wide
# MIMEDefang policy.  A good example would be 'defang-admin at mydomain.com'
#***********************************************************************
$AdminAddress = 'defang-admin at linux-sxs.org';
$AdminName = "MIMEDefang Administrator";

#***********************************************************************
# Set the e-mail address from which MIMEDefang quarantine warnings and
# user notifications appear to come.  A good example would be
# 'mimedefang at mydomain.com'.  Make sure to have an alias for this
# address if you want replies to it to work.
#***********************************************************************
$DaemonAddress = 'mimedefang at linux-sxs.org';

#***********************************************************************
# If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard
# to add warnings directly in the message body (text or html) rather
# than adding a separate "WARNING.TXT" MIME part.  If the message
# has no text or html part, then a separate MIME part is still used.
#***********************************************************************
$AddWarningsInline = 1;

#***********************************************************************
# Set various stupid things your mail client does below.
#***********************************************************************

# Set the next one if your mail client cannot handle nested multipart
# messages
$Stupidity{"flatten"} = 0;

# Set the next one if your mail client cannot handle multiple "inline"
# parts (*cough* Exchange *cough* Outlook)
$Stupidity{"NoMultipleInlines"} = 0;

# This procedure returns true for entities with bad filenames.
sub filter_bad_filename {
    my($entity) = @_; 
    my($bad_exts, $re);

    # Bad extensions
    $bad_exts = '(ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|reg|scr|sct|shb|shs|sys|url|vb|vbe|vbs|vxd|wsc|wsf|wsh)';

    # Do not allow:
    # - curlies
    # - bad extensions (possibly with trailing dots) at end or
    #   followed by non-alphanum
    $re = '(\{)|(\})|(\.' . $bad_exts . ')\.*([^-A-Za-z0-9_.]|$)';
    return re_match($entity, $re);
}

#***********************************************************************
# %PROCEDURE: filter_begin
# %ARGUMENTS:
#  None
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  Called just before e-mail parts are processed
#***********************************************************************
sub filter_begin {
    $Boilerplate = "";


    # SpamAssassin checks 
	    my($hits, $req, $names, $report) = spam_assassin_check();
	    if ($hits >= 15) {
		action_quarantine_entire_message();
		action_bounce("SpamAssassin says this email is SPAM. Rejected.");
	    }
	    if ($hits >= $req) {
		action_change_header("X-Spam-Warning","SpamAssassin says this message is SPAM");
		action_change_header("X-Spam-Status","Yes, hits=$hits, required=$req");
		my $graph = '*' x ($hits > 50 ? 50 : int($hits));
		action_change_header("X-Spam-Level","$graph $hits $graph");
		$Boilerplate = $report;
	    } else {
		action_change_header("X-Spam-Status","No, hits=$hits, required=$req");
	    }

    # scan for virus
	my($code, $category, $action) = message_contains_virus_filescan();
	action_change_header("X-Virus-Scanned", "$action");
	$VirusScannerMessages =~ s/^\/var.*\n//g;
	$VirusScannerMessages =~ s/^\s+//;
	if ($action eq "quarantine") {
		action_bounce("File::Scan detected a VIRUS in your email. Rejected.");
		my $message =
		 "             VIRUS ALERT\n\n" .
		 "Our virus scanner found a VIRUS in your email to " .
		 "@Recipients.\n\nWe advise you to check your computer for " .
		 "viruses. We recommend the\nlatest version of the " .
		 "following anti-virus software:\n\n" .
		 " AVG  http://www.grisoft.com/\n" .
		 " (it's free for home use)\n" .
		 "\n BE SURE TO UPDATE YOUR ANTI-VIRUS SOFTWARE WITH " .
		 "THE LATEST VIRUS DEFINITIONS ROUTINELY.\n\nOur virus " .
		 "scanner reported the following:\n\n$VirusScannerMessages\n";
		if (open(IN, "<HEADERS")) {
			$message .="\n-----Original Message Headers-----\n";
			while (<IN>) {
				$message .= $_;
			}
			close(IN);
		}
		action_notify_sender($message);
		action_notify_administrator("-----Original Message-----\n" .
		 "From: $DaemonName <$DaemonAddress>\n" .
		 "Sent: " . localtime() . "\n" .
		 "To: $Sender\n" .
		 "Subject: MIMEDefang Notification.\n\n" .
		 $message);
		add_recipient($Administrator);
	} else {
		action_change_header("X-Virus-Scan","$VirusScannerMessages");
	}

}

#***********************************************************************
# %PROCEDURE: filter
# %ARGUMENTS:
#  entity -- a Mime::Entity object (see MIME-tools documentation for details)
#  fname -- the suggested filename, taken from the MIME Content-Disposition:
#           header.  If no filename was suggested, then fname is ""
#  ext -- the file extension (everything from the last period in the name
#         to the end of the name, including the period.)
#  type -- the MIME type, taken from the Content-Type: header.
#
#  NOTE: There are two likely and one unlikely place for a filename to
#  appear in a MIME message:  In Content-Disposition: filename, in
#  Content-Type: name, and in Content-Description.  If you are paranoid,
#  you will use the re_match and re_match_ext functions, which return true
#  if ANY of these possibilities match.  re_match checks the whole name;
#  re_match_ext checks the extension.  See the sample filter below for usage.
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  This function is called once for each part of a MIME message.
#  There are many action_*() routines which can decide the fate
#  of each part; see the mimedefang-filter man page.
#***********************************************************************
sub filter {
    my($entity, $fname, $ext, $type) = @_;

    # check for 'bad' files as attachments
    if (filter_bad_filename($entity)) {
	return action_replace_with_url($entity,
	 "/opt/apache/htdocs/defanged",
	 "http://hunley.homeip.net/defanged",
	 "An attachment named \'$fname\' was removed from this message " .
	 "as it\nconstituted a possible security hazard. If you require " .
	 "this attachment, please visit:\n\n\t_URL_\n");
    }

    # eml is bad if it's not multipart
    if (re_match($entity, '\.eml')) {
	return action_replace_with_url($entity,
	 "/opt/apache/htdocs/defanged",
	 "http://hunley.homeip.net/defanged",
	 "An attachment named \'$fname\' was not attached as multi-part " .
	 "and thus\npresented a possible security hazard and was removed. " .
	 "\nIf you require this attachment, please visit:\n\n\t_URL_\n");
    }

    # store attachments bigger than 2Mb on the web server
    # since they are "safe" at this point and since files
    # really shouldn't be sent through email anyway
    $size = (stat($entity->bodyhandle->path))[7];
    if ($size > 2048000) {
	action_replace_with_url($entity,
	 "/opt/apache/htdocs/defanged",
	 "http://hunley.homeip.net/defanged",
	 "An attachment named \'$fname\' was larger than 2Mb and thus " .
	 "was removed\n from this message. It may be retrieved by " .
	 "visiting:\n\n\t_URL_\n");
    }

    return action_accept();
}

#***********************************************************************
# %PROCEDURE: filter_multipart
# %ARGUMENTS:
#  entity -- a Mime::Entity object (see MIME-tools documentation for details)
#  fname -- the suggested filename, taken from the MIME Content-Disposition:
#           header.  If no filename was suggested, then fname is ""
#  ext -- the file extension (everything from the last period in the name
#         to the end of the name, including the period.)
#  type -- the MIME type, taken from the Content-Type: header.
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  This is called for multipart "container" parts such as message/rfc822.
#  You cannot replace the body (because multipart parts have no body),
#  but you should check for bad filenames.
#***********************************************************************
sub filter_multipart {
    my($entity, $fname, $ext, $type) = @_;

    if (filter_bad_filename($entity)) {
	action_notify_administrator("A MULTIPART attachment of type $type, named $fname was dropped.\n");
	return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

    # eml is bad if it's not message/rfc822
    if (re_match($entity, '\.eml') and ($type ne "message/rfc822")) {
	return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

    return action_accept();
}


#***********************************************************************
# %PROCEDURE: defang_warning
# %ARGUMENTS:
#  oldfname -- the old file name of an attachment
#  fname -- the new "defanged" name
# %RETURNS:
#  A warning message
# %DESCRIPTION:
#  This function customizes the warning message when an attachment
#  is defanged.
#***********************************************************************
sub defang_warning {
    my($oldfname, $fname) = @_;
    return
	"An attachment named '$oldfname' was converted to '$fname'.\n" .
	"To recover the file, right-click on the attachment and Save As\n" .
	"'$oldfname'\n";
}

sub filter_end {
    my($entity) = @_;

    # No sense doing any extra work
    return if message_rejected();

}

# DO NOT delete the next line, or Perl will complain.
1;



More information about the MIMEDefang mailing list