[Mimedefang] survey: dropping password protected file

Lucas Albers admin at cs.montana.edu
Wed Mar 3 15:00:19 EST 2004


Joseph Brennan said:

> We are currently refusing all mail with zip files.  Amazingly
> few complaints, from a 50,000-user community.  We don't know yet
> what the long-term plan will be.  That stops bagle.
>
> To stop most variants of netsky, refuse mail with pif files.  We
> did that many months ago.  No complaints at all.  Do it.
>
> By refuse, I mean action_bounce().

You mean pif files or pif files in zip files?

Instead of putting in zip archive code, why not just interpret the virus
scanner message, to return a virus rejection message if it detects a
password protected zip file.
I'm not having a very good time of configuring it:

in /usr/bin/mimedefang.pl
in:
sub interpret_nai_code
I added this to reject password protected zip files based on the virus
scanner output.

#password protected
    if ($code == 0) {
    if ($CurrentVirusScannerMessage =~ m/is password-protected/){
        return ($code, 'virus', 'quarantine');
        }
    }

any idea what I am doing wrong?

-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana



More information about the MIMEDefang mailing list