[Mimedefang] 2.3->2.6 : action_accept()

hans.mayer at relay.bfl.at
Mon Mar 18 12:40:49 EST 2002


hi david 
hi mailinglist members 

call me paranoid, but my idea of filtering is the following:
  - quarantine dangerous extensions 
  - accept some extensions we need 
  - drop all others ( as there could be also a solaris worm, we
      do not store on the server ) 

installing 2.6 in test-lab works great. ( as all 
versions back to 0.7 we are using the first time ) 

due to the idea above, i modified /etc/mail/mimedefang-filter 
see below. 

if i send an e-mail with a doc-attachment, i get 
this one, but i also get an additional warning:

WARNING: This e-mail has been altered by MIMEDefang.  Following this
paragraph are indications ......

and at the end: 

An attachment named  was removed from this document as it
is of unknown type .... 

in my opinion, the return does not work. 
or action_accept has changed.
also the content of $fname was cleared, see above: "... named  was ..."
and compare with the end of the routine

i assume, there are some changes in action_accept() 
from version 2.3 to 2.6, as in 2.3 the script did 
work in that way. 
or i am missing something ? 
( not being a good perl programmer ) 

any help would be nice.

ps: the same with exe-files, but quarantined and not
    attached, as expected.


best regards from vienna 
hans 

------------------------------------------------------------
this is my "sub filter" in /etc/mail/mimedefang-filter:
all others are original from installation
------------------------------------------------------------
sub filter {
    my($entity, $fname, $ext, $type) = @_;

    if (re_match_ext($entity, '^\.(bat|chm|cmd|com|cpl|dll|eml|exe|hlp|hta|ini|js|lib|lnk|msi|msp|ocx|pif|reg|reg|scr|sct|shb|shs|sys|vbe|vbs?|vxd|wsf|wsh)$')) {
        return action_quarantine($entity, "An attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

    if (re_match_ext($entity, '^\.(rtf|doc|xls)$')) {
        return action_accept();
    }


    # Uncomment next three lines ONLY if you have installed the Anomy tools!
    # yes i have installed - did match in ./configure 
    if ($type eq "text/html") {
        return anomy_clean_html($entity);
    }

    # return action_accept();
    # all others will be dropped
    return action_drop_with_warning("An attachment named $fname was removed from this document as it\nis of unknown type and may constitute a security hazard.\nIf you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");

}
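
Added example, not part of the original post and not MIMEDefang code: a stand-alone Perl model of the three-tier policy above. decide() and the sample parts are hypothetical, and the extension lists are shortened. MIMEDefang calls filter() once for every part of a message, so the model shows what this policy does with a part that has no filename, such as a plain-text body.

```perl
#!/usr/bin/perl
# Added illustration: a stand-alone model of the three-tier policy in the
# filter above (quarantine / accept / drop everything else). It does not use
# MIMEDefang; decide() is a hypothetical helper and the parts are constructed.
use strict;
use warnings;

# Shortened forms of the two extension lists from the posted filter,
# matched case-insensitively against the whole filename in this model.
my $QUARANTINE = qr/\.(bat|cmd|com|exe|pif|scr|vbs?)$/i;
my $ACCEPT     = qr/\.(rtf|doc|xls)$/i;

# Returns the action the policy takes for one MIME part.
sub decide {
    my ($fname, $type) = @_;
    $fname = '' unless defined $fname;      # a part may carry no filename
    return 'quarantine' if $fname =~ $QUARANTINE;
    return 'accept'     if $fname =~ $ACCEPT;
    return 'clean_html' if $type eq 'text/html';
    return 'drop_with_warning';             # default deny
}

# Constructed sample: a message with a plain-text body and a Word
# attachment, followed by two other attachments.
my @parts = (
    [ '',           'text/plain' ],
    [ 'report.doc', 'application/msword' ],
    [ 'setup.exe',  'application/octet-stream' ],
    [ 'notes.xyz',  'application/octet-stream' ],
);

for my $p (@parts) {
    my ($fname, $type) = @$p;
    printf "%-12s %-26s -> %s\n",
        ($fname eq '' ? '(no name)' : $fname), $type, decide($fname, $type);
}
```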