[Mimedefang] 2.3->2.6 : action_accept()
hans.mayer at relay.bfl.at
hans.mayer at relay.bfl.at
Mon Mar 18 12:40:49 EST 2002
hi david
hi mailinglist members
call me paranoid, but my idea of filtering is the following:
- quarantine dangerous extensions
- accept some extensions, we need
- drop all others ( as there could be also a solaris worm, we
do not store on the server )
installing 2.6 in test-lab works great. ( as all
versions back to 0.7 we are using the first time )
due to the idea above, i modified /etc/mail/mimedefang-filter
see below.
if i send an e-mail with an doc-attachement, i get
this one, but getting an additional warning:
WARNING: This e-mail has been altered by MIMEDefang. Following this
paragraph are indications ......
and at the end:
An attachment named was removed from this document as it
is of unknown type ....
for my opinion, the return does not work.
or action_accept has changed.
also content of $fname was cleared, see above: "... named was ..."
an compare with end of routine
i assume, there are some changes in action_accept()
from version 2.3 to 2.6, as in 2.3 the script did
work in that way.
or i am missing something ?
( being not a well perl-programmer )
any help would be nice.
ps: the same with exe-files, but quarantined and not
attached, as expected.
best regards from vienna
hans
------------------------------------------------------------
this is my "sub filter" in /etc/mail/mimedefang-filter:
all others are original from installation
------------------------------------------------------------
sub filter {
my($entity, $fname, $ext, $type) = @_;
if (re_match_ext($entity, '^\.(bat|chm|cmd|com|cpl|dll|eml|exe|hlp|hta|ini|js|lib|lnk|msi|msp|ocx|pif|reg|reg|scr|sct|shb|shs|sys|vbe|vbs?|vxd|wsf|wsh)$')) {
return action_quarantine($entity, "An attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
}
if (re_match_ext($entity, '^\.(rtf|doc|xls)$')) {
return action_accept();
}
# Uncomment next three lines ONLY if you have installed the Anomy tools!
# yes i have installed - did match in ./configure
if ($type eq "text/html") {
return anomy_clean_html($entity);
}
# return action_accept();
# all others will be dropped
return action_drop_with_warning("An attachment named $fname was removed from this document as it\nis of unknown type and may constitute a security hazard.\nIf you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
}
More information about the MIMEDefang
mailing list