[Mimedefang] Blocking RAR viruses
Tomasz Ostrowski
tometzky at batory.org.pl
Wed Mar 24 11:01:38 EST 2004
I've modified mimedefang-filter.example so it blocks RAR files with
executables. It uses freeware "unrar" program, which source and
binaries can be downloaded from RARLAB:
http://www.rarlab.com/rar_add.htm
Patch follows.
It blocks Beagle worm password protected RAR files.
Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
Winnie the Pooh
--- mimedefang-filter.example Tue Mar 16 10:53:37 2004
+++ mimedefang-filter Fri Mar 19 14:14:40 2004
@@ -116,6 +116,25 @@
}
}
}
+
+ # Look inside RAR files
+ if (re_match($entity, '\.r(ar|[0-2][0-9])$') ) {
+ my $bh = $entity->bodyhandle();
+ if (defined($bh)) {
+ my $path = $bh->path();
+ if (defined($path)) {
+ my($code, $category, $action) =
+ run_virus_scanner( "unrar lb $path" );
+ if ($action ne 'proceed') {
+ return $code;
+ }
+ if ($code) {
+ return $code;
+ }
+ return 1 if $VirusScannerMessages =~ /$re/i;
+ }
+ }
+ }
return 0;
}
More information about the MIMEDefang
mailing list