[Mimedefang] Two questions
Jim McCullars
jim at info.uah.edu
Tue Aug 30 15:47:48 EDT 2005
On Tue, 30 Aug 2005, John Rudd wrote:
> 1) Mailscanner has the ability to detect and block HTML segments that
> have iframe tags, certain codebase tags, etc. Does mimedefang have
> anything like that?
Joseph Brennan posted code that he developed to look for dangerous tags
in a text/html part. It basically finds stuff like <script> and changes
it to <no-script>. It does this for script, iframe, and object tags. It
should be in the mailing list archives but if you cant find it let me know
and I'll send it to you.
> 2) Does mimedefang have a way to detect and deny encrypted archives
> (like encrypted zip files), while still allowing through unencrypted
> archives. (it's ok if zip files are the only such archive)
You could do something like this (untested!) in sub filter():
my($body) = $entity->bodyhandle;
if(defined($body)) {
my($path) = $body->path; # path to decoded file
if($path =~ /\.zip$/i) { # ZIP file?
my $zip = Archive::Zip->new(); # yes, prepare to peek inside
my $status = $zip->read($path);
if ($status == AZ_OK) { # OK to look?
foreach my $member($zip->members) { # yes, cycle thru contents
my $encflag = $member->isEncrypted();
if ($encflag) { # is this file encrypted?
return action_bounce("Encrypted ZIP files not accepted")
}
}
}
}
}
HTH...
Jim McCullars
University of Alabama in Huntsville
More information about the MIMEDefang
mailing list