[Mimedefang] RE: Dropping Klez -- How to filter?

James Miller jimm at simutronics.com
Fri Jan 31 16:41:44 EST 2003


Please disregard my previous message.. I figured it out and am a bit
embarrassed at how easy it was ..

if ($FoundVirus) {
	my($code, $category, $action);
	$VirusScannerMessages = "";
	($code, $category, $action) = entity_contains_virus($entity);
          md_log('virus',$VirusName, $RelayAddr);
	    return action_discard() if $VirusName =~ /(?i)klez/;
	    action_quarantine($entity, "A known virus was discovered and deleted.
Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
	    send_quarantine_notifications();
	    return;



Thanks,
Jim



-----Original Message-----
From: James Miller [mailto:jimm at simutronics.com]
Sent: Friday, January 31, 2003 3:19 PM
To: 'mimedefang at lists.roaringpenguin.com'
Subject: Dropping Klez -- How to filter?


Hi everyone,

I saw somewhere (thus the reason for this question) a great way to drop, in
this case, messages with klez and to quarantine everything else.  I
currently have mimedefang set to quarantine everything, but I'm not
confident enough to write 'if kelz drop else quarantine'.  If someone could
share what they do or a link to a URL I'd be most grateful.  I did find
something on a web site but it didn't seem complete and wasn't what I had
seen (kicking self for not book marking).

return action_discard() if $VirusName =~ /klez|bugbear/i;

How could I work this in to my filter?

--mimedefang-filter snippet--
sub filter ($$$$) {
    my($entity, $fname, $ext, $type) = @_;

if ($FoundVirus) {
	my($code, $category, $action);
	$VirusScannerMessages = "";
	($code, $category, $action) = entity_contains_virus($entity);
          md_log('virus',$VirusName, $RelayAddr);
	    action_quarantine($entity, "A known virus was discovered and deleted.
Virus-scanner messages follow:\n$VirusScannerMessages\n\n");
	    send_quarantine_notifications();
	    return;



Thank you for your help,
Jim





More information about the MIMEDefang mailing list