[Mimedefang] checking the body and the headers for strings?

Murat Isik muratisik at megatek.com.tr
Thu Feb 5 06:06:27 EST 2004 

Hello,

I am trying to setup mimedefang so that it scans the header and body of
messages and if it finds some specific strings either in subject line or the
body of the mail, it rejects the mail. From the mail archives I found this
one and tried to implement the example codes:
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-February/013258.ht
ml as this:

sub filter_begin () {
    # ALWAYS drop messages with suspicious chars in headers
    if ($SuspiciousCharsInHeaders) {
        md_graphdefang_log('suspicious_chars');
        action_quarantine_entire_message("Message quarantined because of
suspicious characters in headers");
        # Do NOT allow message to reach recipient(s)
        return action_discard();
    }



############################TESTING################################

open (IN, "./HEADERS") || die "Error opening headers file!";
while (<IN>) {
  chop();
     if (/hastalavistababy/) { # yes, check value
      return('REJECT', "Unwanted Subject Line");

   }
}
close (IN);

 open (IN, "./INPUTMSG") || die "Error opening input message";
while (<IN>) {
  chop();
  if (/hastalavistababy/) {
     return('REJECT', "Unwanted String in the Body");
   }
}
close(IN);


############################TESTING-END################################

    # Scan for viruses if any virus-scanners are installed
    my($code, $category, $action) = message_contains_virus();

    # Lower level of paranoia - only looks for actual viruses
    $FoundVirus = ($category eq "virus");

    # Higher level of paranoia - takes care of "suspicious" objects
    # $FoundVirus = ($action eq "quarantine");

    if ($action eq "tempfail") {
        action_tempfail("Problem running virus-scanner");
        md_syslog('warning', "Problem running virus scanner: code=$code,
category=$category, action=$action");
    }
}



I dont have any negative ideas about "hastalavistababy", it is just for the
testing :)

Hoever none of these work, both the mails with "hastalavistababy" subject
and body are delievered. Since I am new to mimedefang and perl I know I am
missing out a part but I dont know which one.

Any ideas?

Have a nice day.

Murat Isik

More information about the MIMEDefang mailing list