[Mimedefang] How do I unquarantine a message?

[Matthew.van.Eerde at hbinc.com]

mimedefang-bounces at lists.roaringpenguin.com wrote:
> Hi All,
> 
> How can I unquarantine  a message with attachments which is captured
> by action_quarentine? 

Here's how I do it.  And I have to do it a lot.

In mimedefang-filter:

At top of filter:

my $hostname_for_security = `hostname`;
chomp($hostname_for_security);

in filter($$$$):

    if (filter_bad_filename($entity)) {
        md_graphdefang_log('bad_filename', $fname, $type);
#       return action_drop_with_warning("An attachment named $fname was removed
from this document as it\nconstituted a security hazard.  If you require this do
cument, please contact\nthe sender and arrange an alternate means of receiving i
t.\n");
# HBI change to
        my $security_message =
                $global_security_message . "\n" .
                "This attachment was named \"" . $fname . "\"\n\n" .
                "Quarantine info:\n" .
                "unquarantine " . $hostname_for_security . " " .
                get_quarantine_dir() . " " .
                "PART." . (($QuarantineCount || 0) + 1) . ".BODY " .
                "\"" . $fname . "\"\n";
        return action_quarantine($entity, $security_message);
 }

This adds an "unquarantine" command tailored for the particular deliverable.

On my workstation, install PuTTY in C:\putty
create unquarantine.bat:
@echo off

setlocal

set unquarserver=%1
set unquardirectory=%2
set unquarbodypart=%3
set unquarfilename=%4
rem whole command should be copy/pasted from warning message
set /p unquaruser=Enter your username for %unquarserver%: 

echo Deleting and recreating working directory...
rmdir /s /q "C:\unquarantine_email"
mkdir C:\unquarantine_email

echo Retrieving %unquarfilename% from %unquarserver%...
echo Your password is specific to unquarantining
echo If you forget your password log in to %1 as root, then
echo use "passwd matthew-van-eerde" to reset it
call "C:\Program Files\putty\pscp.exe" %unquaruser%@%unquarserver%:%unquardirectory%/%unquarbodypart% C:\unquarantine_email\%unquarbodypart%

echo Copying C:\unquarantine_email\%unquarbodypart% as %unquarfilename%...
C:
cd \unquarantine_email
copy %unquarbodypart% %unquarfilename%

echo Make ABSOLUTELY SURE it's not a virus before sending it on!
echo Pressing a key will open the C:\unquarantine_email folder...
pause
explorer C:\unquarantine_email

endlocal

Now if a user's attachment is quarantined, they forward me the warning.txt
I copy/paste the command from warning.txt to a command prompt
A window pops up with the unquarantined file, and it even has its original filename!

Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"