[Mimedefang] survey: dropping password protected file
Lucas Albers
admin at cs.montana.edu
Wed Mar 3 15:00:19 EST 2004
Joseph Brennan said:
> We are currently refusing all mail with zip files. Amazingly
> few complaints, from a 50,000-user community. We don't know yet
> what the long-term plan will be. That stops bagle.
>
> To stop most variants of netsky, refuse mail with pif files. We
> did that many months ago. No complaints at all. Do it.
>
> By refuse, I mean action_bounce().
You mean pif files or pif files in zip files?
Instead of putting in zip archive code, why not just interpret the virus
scanner message, to return a virus rejection message if it detects a
password protected zip file.
I'm not having a very good time of configuring it:
in /usr/bin/mimedefang.pl
in:
sub interpret_nai_code
I added this to reject password protected zip files based on the virus
scanner output.
#password protected
if ($code == 0) {
if ($CurrentVirusScannerMessage =~ m/is password-protected/){
return ($code, 'virus', 'quarantine');
}
}
any idea what I am doing wrong?
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
More information about the MIMEDefang
mailing list