[Mimedefang] Dropping Klez -- How to filter?
Michael C. Hanson
mhanson at quicksilver.com
Fri Jan 31 18:02:01 EST 2003
I'm still getting used to the syntax and operation of the MIMEDefang filter
system, so I might be missing something here. But for the sake of my
understanding ---
You mentioned that you couldn't find a way to to discard the entire message,
but if you removed "action_quarantine_entire_message('Caught a Klez
virus');" from your example below and changed "return action_discard();" to
"action_discard();" wouldn't that do exactly what you want? That is, discard
the entire message?
>From the mimedefang-filter man page:
action_discard()
Silently discard the message, notifying nobody. You can profitably call
action_quarantine followed by action_discard if you want to keep a copy
of the offending part. Note that the message is not discarded immediately;
rather, remaining parts are processed and the message is discarded after all
parts have been processed.
__
Michael C. Hanson
Quicksilver Software, Inc.
mailto:mhanson at quicksilver.com
----- Original Message -----
From: "-ray" <ray at ops.selu.edu>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Friday, January 31, 2003 1:40 PM
Subject: Re: [Mimedefang] Dropping Klez -- How to filter?
>
> # Check for Klez first -zrd 01/09/03
> if (join("",@{$entity->body}) =~ /TVqQAAMAAAAEAAAA/) {
> md_log('klez_virus', $fname, $type);
> action_quarantine_entire_message('Caught a Klez virus');
> return action_discard();
> }
>
> This is how i'm catching Klez, without a virus scanner in filter. but you
> are right that i could not find a way to just discard the entire message.
> It drops the part and quarantine's the entire message. We need an
> action_discard_entire_message function. Perhaps someone else has a better
> idea...
>
> -Ray
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Ray DeJean http://www.r-a-y.org
> Systems Engineer Southeastern Louisiana University
> IBM Certified Specialist AIX Administration, AIX Support
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
More information about the MIMEDefang
mailing list