[Mimedefang] How do I unquarantine a message?
Matthew.van.Eerde at hbinc.com
Matthew.van.Eerde at hbinc.com
Thu Apr 28 12:03:07 EDT 2005
mimedefang-bounces at lists.roaringpenguin.com wrote:
> Hi All,
>
> How can I unquarantine a message with attachments which is captured
> by action_quarentine?
Here's how I do it. And I have to do it a lot.
In mimedefang-filter:
At top of filter:
my $hostname_for_security = `hostname`;
chomp($hostname_for_security);
in filter($$$$):
if (filter_bad_filename($entity)) {
md_graphdefang_log('bad_filename', $fname, $type);
# return action_drop_with_warning("An attachment named $fname was removed
from this document as it\nconstituted a security hazard. If you require this do
cument, please contact\nthe sender and arrange an alternate means of receiving i
t.\n");
# HBI change to
my $security_message =
$global_security_message . "\n" .
"This attachment was named \"" . $fname . "\"\n\n" .
"Quarantine info:\n" .
"unquarantine " . $hostname_for_security . " " .
get_quarantine_dir() . " " .
"PART." . (($QuarantineCount || 0) + 1) . ".BODY " .
"\"" . $fname . "\"\n";
return action_quarantine($entity, $security_message);
}
This adds an "unquarantine" command tailored for the particular deliverable.
On my workstation, install PuTTY in C:\putty
create unquarantine.bat:
@echo off
setlocal
set unquarserver=%1
set unquardirectory=%2
set unquarbodypart=%3
set unquarfilename=%4
rem whole command should be copy/pasted from warning message
set /p unquaruser=Enter your username for %unquarserver%:
echo Deleting and recreating working directory...
rmdir /s /q "C:\unquarantine_email"
mkdir C:\unquarantine_email
echo Retrieving %unquarfilename% from %unquarserver%...
echo Your password is specific to unquarantining
echo If you forget your password log in to %1 as root, then
echo use "passwd matthew-van-eerde" to reset it
call "C:\Program Files\putty\pscp.exe" %unquaruser%@%unquarserver%:%unquardirectory%/%unquarbodypart% C:\unquarantine_email\%unquarbodypart%
echo Copying C:\unquarantine_email\%unquarbodypart% as %unquarfilename%...
C:
cd \unquarantine_email
copy %unquarbodypart% %unquarfilename%
echo Make ABSOLUTELY SURE it's not a virus before sending it on!
echo Pressing a key will open the C:\unquarantine_email folder...
pause
explorer C:\unquarantine_email
endlocal
Now if a user's attachment is quarantined, they forward me the warning.txt
I copy/paste the command from warning.txt to a command prompt
A window pops up with the unquarantined file, and it even has its original filename!
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
More information about the MIMEDefang
mailing list