[Mimedefang] Another Update to MIMEDefang Filter KAM

Kevin A. McGrail kmcgrail at pccc.com
Wed Apr 21 15:02:02 EDT 2004 

It's my belief that anomy's html cleaning abilities are significantly
lack-luster/problematic/etc. as to possible merit removal from MIMEDefang at
some near point in the future ;-)

In case anyone cares, $/ is the input delimiter variable and is typically
set to \n (newline).  By setting it to undef, it reads the whole shebang as
a single file.  However, I'm not sure you really answered the question below
BUT I think you might have pointed me in the right direction because of this
tidbit in the docs:

Body                 Stores body     When open()ed,
  class:               data in:        returns:
--------------------------------------------------------
MIME::Body::File     disk file       IO::Handle  <------

So knowing that it's a front-end for IO::Handle, I searched the source code
for Handle.pm confirmed that it reacts to the $/ changes.  Therefore, here
is the updated code to do one regexp after slurping and implements the size
check thanks to DFS and Stefen's input:

NOTE: It's in the filter () section in the file here:
http://www.peregrinehw.com/downloads/MIMEDefang/mimedefang-filter-KAM

    #Disable bad HTML code -- Based on work by Columbia University / Joseph
Brennan
    #Modified by KAM 2004-04-16
    #Modified by KAM 2004-04-21 to add slurp of entire message and one
regexp check + size check
    if ($type eq "text/html") {
      my($currentline, $output, $badtag, $delimiter_backup, $sizelimit);

      $badtag = 0;
      $output = "";
      $sizelimit = 1048576; #1MB #max size of an email you want to check in
bytes
      $delimiter_backup = $/;

      if (-s "$entity->bodyhandle->path" <= $sizelimit) {
        if ($io = $entity->open("r")) {
          undef $/; # undef the seperator to slurp it in.
          $output = $io->getline;
          $io->close;
          $badtag = $output =~ s/<(iframe|script|object)\b/<no-$1 /igs;

          if ($badtag) {
            if ($io = $entity->open("w")) {
              $io->print($output);
              $io->close;
            }
            md_graphdefang_log('modify',"$badtag Iframe/Object/Script tag(s)
deactivated by MIMEDefang");
            action_change_header("X-Warning", "$badtag Iframe/Object/Script
tag(s) deactivated by MIMEDefang");
            action_rebuild();
          }
        }
      }
      $/ = $delimiter_backup;
    }


Regards,
KAM

More information about the MIMEDefang mailing list