[Mimedefang] filters for subject content
james.madill at duke.edu
james.madill at duke.edu
Mon Feb 9 14:07:02 EST 2004
> Hi,
> I would like to set some filters to look at the subject line of
> an email. I have found some codes on a spam assassin webpage and
> would like to know where I would paste them in to the mimedefang
> filter (that's if they are in the correct format to work).
>
> Code:
>
> ###################################################################################
> Subject #####
> header Y_SUBJ_RE_RANDOM_TEXT Subject =~ /Re: [A-Z]{2,},(?: [a-z]+!?)+/
> describe Y_SUBJ_RE_RANDOM_TEXT Fishy subject Re: CAPS, lowercase nonsense
>
> header Y_SUBJ_PRIVATE_DOT Subject =~ /^Private\.$/
> describe Y_SUBJ_PRIVATE_DOT Subject is `Private.'
>
> header Y_SUBJ_ONLY_BUCKS Subject =~ /\bonly \$[0-9]+/i
> describe Y_SUBJ_ONLY_BUCKS Subject contains `only $nnn'
>
> header Y_SUBJ_PARIS_HILTON Subject =~ /\bparis hilton\b/
> describe Y_SUBJ_PARIS_HILTON Subject contains `paris hilton'
>
> header Y_SUBJ_EMPTY Subject =~ /^\s*$/
> describe Y_SUBJ_EMPTY Subject is empty
>
> header Y_SUBJ_EMPTY_RE Subject =~ /^Re:\s*$/i
> describe Y_SUBJ_EMPTY_RE Subject is empty Re:
>
> header Y_SUBJ_WEIGHT_OBF Subject =~ /\bwe;ght\b/
> describe Y_SUBJ_WEIGHT_OBF Subject contains obfuscated `weight'
>
> header Y_SUBJ_VIAGRA_OBF Subject =~ /\bV[l|;ií!].?[aáä@]g.?r.?[aáä@]/i
> describe Y_SUBJ_VIAGRA_OBF Subject contains possibly obfuscated `Viagra'
>
> header Y_SUBJ_XANAX_OBF Subject =~ /\bX(a|@|\(a\))n[a@]x/i
> describe Y_SUBJ_XANAX_OBF Subject contains possibly obfuscated `Xanax'
>
> # XXX: doesn't work, it's decoded by sa
> # anyway, we need a check for any encoded subject that is in fact ascii
> #header Y_SUBJ_LATIN1_B64 Subject =~ /^=\?iso-8859-1\?b\?[^=]+=*\?=$/i
> #describe Y_SUBJ_LATIN1_B64 Subject is BASE64 encoded ISO-8859-1
>
> # vim: set ts=8 sw=8 noet :
>
>
>
> so what do you think? Will this work in the mimedefang filter? And
> where in the filter would I paste it in?
>
> cheers
>
> andi
I believe you would add your code to filter_begin in mimedefang-filter
You would want something like the following (untested) code:
my($msgSubject);
my($hfile) = "HEADERS";
# Parse the input stream:
if (!open(HEADERS, $hfile)) {
fatal("$MsgID: couldn't open $hfile: $!");
signal_complete();
return -1;
}
while(<HEADERS>){
chomp;
$line = $_;
$idx = index($line, "Subject: ");
if ($idx == 0){
$msgSubject = substr($line, 9);
}
}
close HEADERS;
# Now perform the regular expression compares...
if (($msgSubject =~ /Re: [A-Z]{2,},(?: [a-z]+!?)+/) ||
($msgSubject =~ /^Private\.$/) ||
($msgSubject =~ /\bonly \$[0-9]+/i) ||
($msgSubject =~ /\bparis hilton\b/) ||
($msgSubject =~ /^\s*$/) ||
($msgSubject =~ /^Re:\s*$/i) ||
($msgSubject =~ /\bwe;ght\b/) ||
($msgSubject =~ /\bV[l|;ií!].?[aáä@]g.?r.?[aáä@]/i) ||
($msgSubject =~ /\bX(a|@|\(a\))n[a@]x/i) ||
($msgSubject =~ /^=\?iso-8859-1\?b\?[^=]+=*\?=$/i)){
# do with the message as you want here...
}
You might not even need to read the HEADERS file if the subject line is already in an accessible variable. My implementation of MIMEDefang is only used to check for a header tag inserted by an external anti-spam system, so I have to read the HEADERS file.
-- James
o o o o o o o . . . _______________________ ________=======_T___
o _____ |James Madill | |Duke U. Health Sys|
>.][__n_n_| D[ ====|____ |james.madill at duke.edu| | (919) 286-6384 |
(________|__|_[____/____]_|_____________________|_|__________________|
_/oo O-O-O ` oo oo 'o^o^o o^o^o` 'o^o o^o`
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
<http://www.duke.edu/~madil001/>
More information about the MIMEDefang
mailing list