[Mimedefang] filtering bad filename vs. file scanning
cc
cc at belfordhk.com
Thu Sep 25 23:13:01 EDT 2003
Hi,

Since I started using MIMEDefang, any EXE files are removed from the
email. Currently, this is a good thing (with SWEN swarming around
the 'Net), but is it a good thing in the long run?

Right now, MIMEDefang is discarding EXE files via the
filter_bad_extensions() function. But how do I
scan the EXE file and then filter it?

I have ClamD installed, but I can't tell whether or not
MIMEDefang is even using it. During installation,
the installation script definitely found Virus::ClamAV,
but there's no indication that it's using it.

In the MIMEDefang filter file I only made minor changes,
but left the sequence of functions as is. So given
that, wouldn't MIMEDefang scan the file and then
discard it with a final message telling the user
that the Virus So-and-so was found and the whole
attachment was discarded?

# This part is from filter_begin()

    if (spam_assassin_is_spam()) {
        action_add_header("X-Spam-Warning", "SpammAssassin says this is SPAM");
        action_change_header("Subject", "** SPAM ** : $Subject");
    }

    # Scan for viruses if any virus-scanners are installed
    my($code, $category, $action) = message_contains_virus();

    # Lower level of paranoia - only looks for actual viruses
    $FoundVirus = ($category eq "virus");

    if ($FoundVirus) {
        action_add_header('X-Virus-Caught:', "$VirusName");
        action_replace_with_warning("Virus was removed from this message.\n\nTech Support.\n");
    }

In filter():

    # Virus scan
    if ($FoundVirus) {
        my($code, $category, $action);
        $VirusScannerMessages = "";
        # Virus scanning process
    }

    if (filter_bad_filename($entity)) {
        md_graphdefang_log('bad_filename', $fname, $type);
        return action_quarantine($entity, "An attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

So wouldn't it detect the virus (i.e. SWEN) and then discard with
the X-Virus-Caught: header added and the quarantine message added
to the message to the user?

How do I get MIMEDefang to run in test mode to check whether it is
using the virus scanner properly? (Short of sending myself a
virus.)

Any clarifications appreciated.