[Mimedefang] Fast bulk discarding of mails by subject

[Sevo Stille]

To reduce the load on my mail server, I've concocted a DB driven 
solution to eliminate the more obvious Swen/Gibe subjects without 
wasting CPU time on virus scans:

In the mimedefang-filter startup:

use Fcntl;
use DB_File;
  tie %vsubj, 'DB_File', "/etc/mail/virus_subjects" , O_RDONLY  or carp 
"can't open virus_subjects";

In filter, before the virus scanner:

     # Drop known Gibe.F subjects to cut down on server load
     if ($vsubj{$Subject}){
         md_syslog("notice", "Gibe.F virus subject '$Subject' found, 
discarded");
         return action_discard();
     }

And a quick and dirty generator for the virus_subjects database (takes a 
list of one subject per line):

#!/usr/bin/perl
use DB_File;

tie %vsubj, 'DB_File', "virus_subjects" , O_CREAT|O_RDWR  or die;

open VSUBJ, "virus.subjects";

while (<VSUBJ>){
         chomp;
         $vsubj{$_}++;
}

close VSUBJ;

Quite a few of the Swen/Gibe mails I get have with subjects that can't 
be discarded safely (namely, one or two word subjects and a couple of 
very generic ones), and the associated Iframe mails mostly seem to have 
subjects typical for machine-generated bounces, which aren't suitable 
for subject based filtering either. But even with a conservative subject 
list, I've been able to cut the scanner load by more than 50%.

HTH, Sevo

-- 
Sevo Stille
sevo at radiox.de