[Mimedefang] quarantine_entire_message: I don't get it
David F. Skoll
dfs at roaringpenguin.com
Mon Sep 20 13:40:50 EDT 2004
On Mon, 20 Sep 2004, Paul Boven wrote:
> The way I see it, there are these possible actions upon detecting a virus:
> 1.) action_discard: *poof*, the virus vanishes without a trace.
That's my preferred action.
> 2.) action_notify_sender, which I really wouldn't use unless I am sure
> that the virus in question doesn't forge the From: header
That's truly evil. All modern viruses forge the From address.
> 3.) Notify recipient, who can determine if there's any chance the mail
> was legit and request it either from the administrator or sender.
That's OK, but as a recipient, I would find it quite annoying, and I would
set up a rule to discard such notifications anyway.
> > You could construct a new warning message using the MIME::Tools functions,
> > and call replace_entire_message() inside filter_end to replace the entire
> > message with your warning message.
> *nod* I will have to look into that, then. I can see why you would call
> that 'intentionally difficult' yes ;-)
It's not that bad. You can do it like this (untested!):
my $msg = MIME::Entity->build(Type => "text/plain",
Encoding => "7bit",
Data => ["first line.\n",
"Second line.\n"
]);
replace_entire_message($msg);
action_change_header("Subject", "Virus warning");
Regards,
David.
More information about the MIMEDefang
mailing list