[Mimedefang] quarantine_entire_message: I don't get it

David F. Skoll dfs at roaringpenguin.com
Mon Sep 20 13:40:50 EDT 2004


On Mon, 20 Sep 2004, Paul Boven wrote:

> The way I see it, there are these possible actions upon detecting a virus:
> 1.) action_discard: *poof*, the virus vanishes without a trace.

That's my preferred action.

> 2.) action_notify_sender, which I really wouldn't use unless I am sure
> that the virus in question doesn't forge the From: header

That's truly evil.  All modern viruses forge the From address.

> 3.) Notify recipient, who can determine if there's any chance the mail
> was legit and request it either from the administrator or sender.

That's OK, but as a recipient, I would find it quite annoying, and I would
set up a rule to discard such notifications anyway.

> > You could construct a new warning message using the MIME::Tools functions,
> > and call replace_entire_message() inside filter_end to replace the entire
> > message with your warning message.

> *nod* I will have to look into that, then. I can see why you would call
> that 'intentionally difficult' yes ;-)

It's not that bad.  You can do it like this (untested!):

	my $msg = MIME::Entity->build(Type => "text/plain",
				      Encoding => "7bit",
				      Data => ["first line.\n",
					       "Second line.\n"
					      ]);
        replace_entire_message($msg);
        action_change_header("Subject", "Virus warning");

Regards,

David.



More information about the MIMEDefang mailing list