[Mimedefang] Bug in action_defang?

Sidney Markowitz sidney at sidney.com
Fri Oct 25 22:43:00 EDT 2002


David F. Skoll <dfs at roaringpenguin.com> asked:
To: <mimedefang at lists.roaringpenguin.com>
Sent: Friday, October 25, 2002 6:04 PM
Subject: Re: [Mimedefang] Bug in action_defang?


> Just out of curiosity, why do you want to do this?
> Why repeat the message content?
> Also, what if the original message has more than one
> part -- do you want them all to be defanged?

When I first used Spamassassin, before I tried MIMEDefang, I used its defang_mime
option which changes the Content-Type in the header so that anything dangerous or
offensive does not get decoded or rendered by the MUA. That's a simple one-header
change to the headers that does the job on all parts at once with no need for any
fancy MIME parsing.

I found it convenient to be able to look at messages in the spam folder to check for
false positives, being able to see enough in the raw HTML to tell if something was
really spam without worrying about pictures popping up or scripts being activated.

When I switched to MIMEDefang I missed that, so I added the code in filter_end that I
posted. That seem to work ok until I ran into the double Content-Type headers.

What was still missing was the ability to easily retrieve the original message if it
was a false positive. So I added creation of a message/rfc822 copy as a file
attachment, and made the SA report an inline text attachment. The extra copy doesn't
bother me, as I don't have to look at it and it is there to save and recover the
original email message if I need to.

I suppose I could do it for every part, but it looks like it would be a lot easier to
get it once in the header.

 -- sidney




More information about the MIMEDefang mailing list