[Mimedefang] JPEG exploit checking in mimedefang-filter

Stephane Lentz Stephane.Lentz at ansf.alcatel.fr
Tue Sep 28 07:08:33 EDT 2004


On Tue, Sep 28, 2004 at 10:55:39AM +0200, Tomasz Ostrowski wrote:
> I have written a quick and dirty checking for corrupt jpeg files in
> mimedefang-filter. It uses program "djpeg", which should be in most
> Linux and Unices distributions, to convert the file to bitmap writing
> in /dev/null. It lets the file in, if it manages to successfully convert
> it, or rejects it otherwise.
> 
> It should catch the latest JPEG virus. At least it catches the sample
> I have found here:
> 	http://www.easynews.com/virus.html
> 
> ###################################################################
> # New function: check for corrupted JPEG files
> sub filter_corrupt_jpeg ($) {
>     my($entity) = @_;
> 
>     if (re_match($entity, '\.jp(e?)g$') ) {
>         my $bh = $entity->bodyhandle();
>         if (defined($bh)) {
>             my $path = $bh->path();
>             if (defined($path)) {
>                 my($code, $category, $action) =
>                     run_virus_scanner( "djpeg -fast -dither none -grayscale -scale 1/8 -outfile /dev/null $path" );
> ... 
FYI on the Amavis ml, someone provided a code for a custom JPEG av_scanner (without 
using an external command such as djpeg  : see the top of :
http://www.daleenterprise.com/tools/

SL/
---
Stephane Lentz 
AES TSC



More information about the MIMEDefang mailing list