[Mimedefang] Dropping Klez -- How to filter?

Stefano McGhee SMcGhee at ARCweb.com
Fri Jan 31 19:23:01 EST 2003


Hey,
    I just posted an example related to this yesterday at
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-January/004287.htm
l.  Isn't this accomplishing what the original inquisitor was looking to do?
If not, how might this be different, other including a message notification
as send_quarantine_notification()?

Cheers,

Stefano

----- Original Message -----
From: "Michael C. Hanson" <mhanson at quicksilver.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Friday, January 31, 2003 6:01 PM
Subject: Re: [Mimedefang] Dropping Klez -- How to filter?


> I'm still getting used to the syntax and operation of the MIMEDefang
filter
> system, so I might be missing something here. But for the sake of my
> understanding ---
>
> You mentioned that you couldn't find a way to to discard the entire
message,
> but if you removed "action_quarantine_entire_message('Caught a Klez
> virus');" from your example below and changed "return action_discard();"
to
> "action_discard();" wouldn't that do exactly what you want? That is,
discard
> the entire message?
>
> From the mimedefang-filter man page:
>
> action_discard()
>
> Silently discard the message, notifying nobody.  You  can  profitably
call
> action_quarantine followed  by  action_discard  if you want to keep a copy
> of the offending part.  Note that the message is not discarded
immediately;
> rather, remaining parts are processed and the message is discarded after
all
> parts have been processed.
>
> __
> Michael C. Hanson
> Quicksilver Software, Inc.
> mailto:mhanson at quicksilver.com
> ----- Original Message -----
> From: "-ray" <ray at ops.selu.edu>
> To: <mimedefang at lists.roaringpenguin.com>
> Sent: Friday, January 31, 2003 1:40 PM
> Subject: Re: [Mimedefang] Dropping Klez -- How to filter?
>
>
> >
> >         # Check for Klez first -zrd 01/09/03
> >          if (join("",@{$entity->body}) =~ /TVqQAAMAAAAEAAAA/) {
> >             md_log('klez_virus', $fname, $type);
> >             action_quarantine_entire_message('Caught a Klez virus');
> >             return action_discard();
> >             }
> >
> > This is how i'm catching Klez, without a virus scanner in filter. but
you
> > are right that i could not find a way to just discard the entire
message.
> > It drops the part and quarantine's the entire message.  We need an
> > action_discard_entire_message function.  Perhaps someone else has a
better
> > idea...
> >
> > -Ray
> > --
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Ray DeJean         http://www.r-a-y.org
> > Systems Engineer                    Southeastern Louisiana University
> > IBM Certified Specialist        AIX Administration, AIX Support
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>




More information about the MIMEDefang mailing list