[Mimedefang] spam filter for quarantine emails

John Von Essen john at essenz.com
Sat Nov 27 19:28:25 EST 2004


I have noticed that when an email contains a violating file attachment, 
spam filtering does not occur. Below is a snip from my mimedefang 
config file. When a violating file attachment is present, I drop the 
attachment and insert a phrase about how that file is not allowed. And 
of course, the original body of the email is still present and is not 
subject to spam filtering.

So obviously, if spammers want to get stuff through they would just 
have to attached an empty text file called foo.scr and thats it - their 
email gets through.

In my environment, I sort of have to have the below functionality. I 
block .exe files, and I need to communicate that blockage to my users. 
Is there anyway to modify the action_quarantine() and 
action_drop_with_warning() functions such that they are not exempt from 
spam filtering on the text body of the email?

Lately I have been getting alot of the MS Security Patch emails which 
have an .exe attachment. Without the .exe I am sure SA would catch the 
email as SPAM. Thanks

-John

sub filter ($$$$) {
     my($entity, $fname, $ext, $type) = @_;
     return if message_rejected(); # Avoid unnecessary work
     if (filter_bad_filename($entity)) {
         return action_quarantine($entity, "...");
     }
}

sub filter_multipart ($$$$) {
     my($entity, $fname, $ext, $type) = @_;
     return if message_rejected(); # Avoid unnecessary work
     if (filter_bad_filename($entity)) {
         return action_drop_with_warning("...");
     }
}





More information about the MIMEDefang mailing list