[Mimedefang] filter virus

Mike Heller mike at dsny.com
Tue Jan 27 15:28:29 EST 2004


Hello,

I'm running mimedefang 2.36 on RedHat and I'm trying to add a filter 
rule to remove messages related to the new MyDoom virus.  I don't run a 
virus scanner on the server right now, I just want to filter based on 
the body.  Mimedefang is already running and removing the .scr, .pif, 
etc attachments, but some come as .zip (and I don't want to filter those).

I added the following rule to the filter() subroutine:

my $recips = join(",", @Recipients);
if ($entity->bodyhandle =~ /The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment|The message contains Unicode characters and has been sent as a binary attachment|Mail transaction failed. Partial message is available/i) {
        syslog('warning', "attachment $fname of type $ext quarantined - possible virus [MyDoom]. Sender=$Sender.  Recipient=$recips.");
        action_change_header("Subject","[VIRUS?] [MyDoom] ".$Subject);
}

The message usually has the following body:

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
The message contains Unicode characters and has been sent as a binary attachment
Mail transaction failed. Partial message is available

At first, I just wanted to tag the message to see if it was working, 
then add:

return action_discard();

once I know that it's catching the correct messages.

I tested by sending a message to myself with a body that should match, 
but it did not get tagged.  Can anyone tell me what I'm doing wrong?

Thanks,
Mike
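
Added example, not part of the original post: `$entity->bodyhandle` returns a MIME::Body object, so matching a regex against it tests the stringified object reference rather than the message text. The sketch below reads the decoded body through the handle instead; `body_matches` is a hypothetical helper name and the sample part is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Entity;    # from MIME-tools, which MIMEDefang is built on

# Phrases quoted in the post; quotemeta keeps each "." literal.
my @phrases = (
    'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment',
    'The message contains Unicode characters and has been sent as a binary attachment',
    'Mail transaction failed. Partial message is available',
);
my $pattern = join '|', map { quotemeta } @phrases;
my $re      = qr/$pattern/i;

# Hypothetical helper: true if the decoded body of this MIME part
# contains one of the phrases. Reads line by line to keep memory flat.
sub body_matches {
    my ($entity, $re) = @_;
    my $body = $entity->bodyhandle or return 0;   # multipart containers have no body
    my $io   = $body->open('r')    or return 0;
    my $hit  = 0;
    while (defined(my $line = $io->getline)) {
        if ($line =~ $re) { $hit = 1; last; }
    }
    $io->close;
    return $hit;
}

# Constructed sample part standing in for what filter() receives.
my $entity = MIME::Entity->build(
    Type => 'text/plain',
    Data => ["Mail transaction failed. Partial message is available\n"],
);

my $handle = $entity->bodyhandle;
print "object as string:   $handle\n";
printf "regex on object:    %s\n", ("$handle" =~ $re ? 'match' : 'no match');
printf "regex on body text: %s\n", (body_matches($entity, $re) ? 'match' : 'no match');
```

Inside filter(), the same helper would be called on the `$entity` argument before the `action_change_header` call shown in the post.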


