[Mimedefang] Dropping Klez -- How to filter?
Stefano McGhee
SMcGhee at ARCweb.com
Fri Jan 31 19:23:01 EST 2003
Hey,
I just posted an example related to this yesterday at
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-January/004287.html.
Isn't this accomplishing what the original inquisitor was looking to do?
If not, how might this be different, other than including a message notification
as send_quarantine_notification()?
Cheers,
Stefano
----- Original Message -----
From: "Michael C. Hanson" <mhanson at quicksilver.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Friday, January 31, 2003 6:01 PM
Subject: Re: [Mimedefang] Dropping Klez -- How to filter?
> I'm still getting used to the syntax and operation of the MIMEDefang filter
> system, so I might be missing something here. But for the sake of my
> understanding ---
>
> You mentioned that you couldn't find a way to discard the entire message,
> but if you removed "action_quarantine_entire_message('Caught a Klez
> virus');" from your example below and changed "return action_discard();" to
> "action_discard();" wouldn't that do exactly what you want? That is, discard
> the entire message?
>
> From the mimedefang-filter man page:
>
> action_discard()
>
> Silently discard the message, notifying nobody. You can profitably call
> action_quarantine followed by action_discard if you want to keep a copy
> of the offending part. Note that the message is not discarded immediately;
> rather, remaining parts are processed and the message is discarded after all
> parts have been processed.
>
> __
> Michael C. Hanson
> Quicksilver Software, Inc.
> mailto:mhanson at quicksilver.com
> ----- Original Message -----
> From: "-ray" <ray at ops.selu.edu>
> To: <mimedefang at lists.roaringpenguin.com>
> Sent: Friday, January 31, 2003 1:40 PM
> Subject: Re: [Mimedefang] Dropping Klez -- How to filter?
>
>
> >
> > # Check for Klez first -zrd 01/09/03
> > if (join("",@{$entity->body}) =~ /TVqQAAMAAAAEAAAA/) {
> >     md_log('klez_virus', $fname, $type);
> >     action_quarantine_entire_message('Caught a Klez virus');
> >     return action_discard();
> > }
> >
> > This is how I'm catching Klez, without a virus scanner in filter. But you
> > are right that I could not find a way to just discard the entire message.
> > It drops the part and quarantines the entire message. We need an
> > action_discard_entire_message function. Perhaps someone else has a better
> > idea...
> >
> > -Ray
> > --
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Ray DeJean http://www.r-a-y.org
> > Systems Engineer Southeastern Louisiana University
> > IBM Certified Specialist AIX Administration, AIX Support
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
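Added example, not part of the thread or of MIMEDefang: a Python sketch (the filter itself is Perl) of what the `/TVqQAAMAAAAEAAAA/` test quoted above actually matches. The string is the base64 encoding of a 12-byte DOS `MZ` header prefix typical of many Windows executables, so the unanchored match fires on base64-encoded executables in general and also on a plain-text part that merely quotes the string; the function names and the sample message are constructed for illustration.

```python
import base64
import email

SIG = "TVqQAAMAAAAEAAAA"            # string matched by the filter in the thread
MZ_PREFIX = base64.b64decode(SIG)   # b"MZ\x90\x00\x03\x00..." (12 bytes)


def leaf_parts(raw):
    """Yield every non-multipart MIME part of a raw message string."""
    for part in email.message_from_string(raw).walk():
        if not part.is_multipart():
            yield part


def naive_hits(raw):
    """Mirror the thread's test: signature anywhere in any part's body."""
    return [p.get_content_type() for p in leaf_parts(raw)
            if SIG in p.get_payload()]


def strict_hits(raw):
    """Only base64 parts whose decoded bytes start with the MZ header."""
    hits = []
    for p in leaf_parts(raw):
        cte = (p.get("Content-Transfer-Encoding") or "").strip().lower()
        if cte != "base64":
            continue
        data = p.get_payload(decode=True) or b""
        if data.startswith(MZ_PREFIX):
            hits.append(p.get_content_type())
    return hits


def sample(with_exe):
    """Constructed message: a text part quoting the rule, optional attachment."""
    lines = ["MIME-Version: 1.0",
             'Content-Type: multipart/mixed; boundary="sample-boundary"', "",
             "--sample-boundary", "Content-Type: text/plain", "",
             "My filter matches /%s/ in the body" % SIG]
    if with_exe:  # header prefix plus zero padding, not a real executable
        lines += ["--sample-boundary",
                  "Content-Type: application/octet-stream",
                  "Content-Transfer-Encoding: base64", "",
                  base64.b64encode(MZ_PREFIX + b"\0" * 36).decode()]
    lines += ["--sample-boundary--", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, naive_hits(sample(flag)), strict_hits(sample(flag)))
```
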