[Mimedefang] FOLLOWUP Q - Using a db for subject lines to block

Cormack, Ken Ken.Cormack at roadway.com
Wed Jun 22 10:52:19 EDT 2005


Thinking about the new subject-blocking rule (below, in its entirety), I'm
wondering...

If the database contains "this.is.a.spam.subject", and a spam comes in with
an exact match, it will block.

If the database contains "evilword", and the subject of a spam contains
"evilword" anywhere in the subject, it will block.

But if the database contains "multiple.words.together" and an email has the
subject "this.subject.includes.multiple.words.together", it will not block.

Would it be worth doing all the looping/iterating to perform such an
additional test?  Under my old sendmail rule, I could take a sample subject
line from a spam such as  "this is a subject   ABDIKEH", trim the obviously
random gibberish added to the end to create "this.is.a.subject" in my
flat-file, and it would match (similar to the way "print ABCDE | grep BC"
would work).

Is there a way to make something like this possible (and "reasonably"
quick)?

Here's my MD function as it currently stands, with David's additional
trimming incorporated:

#############################
# Search the subject-line database for subject lines/keywords to block
#############################
use DB_File;  # tied-hash interface to subjects.db
use Fcntl;    # provides O_RDONLY

$DBFilenameSUBS = "/etc/mail/subjects.db";
sub lookup_subject() {
    my $lc_subject = lc($Subject);
    my $subject_result = 0;

    my %GDB;
    if (tie(%GDB, 'DB_File', $DBFilenameSUBS, O_RDONLY)) {
        # Normalize the subject into the same form as the database keys
        $lc_subject =~ s/^\s+//;  # Trim leading whitespace
        $lc_subject =~ s/\s+$//;  # Trim trailing whitespace
        $lc_subject =~ s/\s+/./g; # Collapse whitespace into periods

        # Scan database for a complete match (only)
        if ($GDB{$lc_subject}) {
            $subject_result = 1;
            md_graphdefang_log("Subject_Line", "Subject-line found in subjects.db");
        } else {
            # Scan database for each individual word in the subject
            my @subject_array = split(/\./, $lc_subject);
            foreach my $subject_word (@subject_array) {
                if ($GDB{$subject_word}) {
                    $subject_result = 1;
                    md_graphdefang_log("Subject_Word", "Subject-word \"$subject_word\" found in subjects.db");
                }
            }
        }
        untie %GDB;
    } else {
        md_syslog('warning', "subject: Cannot open file $DBFilenameSUBS");
    }
    return $subject_result;
}
#############################

Any thoughts or suggestions would be appreciated, group!

Ken
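
One way to get the grep-like phrase match asked about above while keeping hash lookups, shown as an added example that is not part of the original post: test every run of consecutive words in the normalized subject against the database. The %blocklist hash stands in for the tied subjects.db, and normalize_subject, find_blocked_phrase and $max_words are hypothetical names.

```perl
use strict;
use warnings;

# Constructed stand-in for the tied subjects.db hash (keys are
# lower-cased, period-joined phrases, as in the post).
my %blocklist = (
    'multiple.words.together' => 1,
    'evilword'                => 1,
    'this.is.a.subject'       => 1,
);

# Same normalization as the posted function.
sub normalize_subject {
    my ($subject) = @_;
    my $s = lc($subject // '');
    $s =~ s/^\s+//;
    $s =~ s/\s+$//;
    $s =~ s/\s+/./g;
    return $s;
}

# Return the first blocklisted run of consecutive words, or undef.
# $max_words (hypothetical tuning knob) caps phrase length, so the
# number of lookups is at most (word count * $max_words).
sub find_blocked_phrase {
    my ($db, $subject, $max_words) = @_;
    $max_words ||= 8;
    my @words = grep { length } split /\./, normalize_subject($subject);
    for my $start (0 .. $#words) {
        my $last = $start + $max_words - 1;
        $last = $#words if $last > $#words;
        # Longest phrase first, so the most specific entry is reported.
        for (my $end = $last; $end >= $start; $end--) {
            my $phrase = join '.', @words[$start .. $end];
            return $phrase if $db->{$phrase};
        }
    }
    return;
}

# Constructed sample subjects, including the two cases from the post.
for my $subj ('this subject includes multiple words together',
              'this is a subject   ABDIKEH',
              'Meeting notes for Tuesday') {
    my $hit = find_blocked_phrase(\%blocklist, $subj);
    printf "%-48s => %s\n", $subj, defined $hit ? "BLOCK ($hit)" : 'pass';
}
```

Passing \%GDB in place of \%blocklist runs the same search against the tied database; the whole-subject and single-word checks in the posted function are both special cases of this loop.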


