[Mimedefang] Trying to find cause of tempfails

Cormack, Ken Ken.Cormack at roadway.com
Wed Mar 9 16:05:52 EST 2005 

With respect to the tempfail problem I experienced this week, the problem
has been narrowed down to the following code in my sub filter(), that
inspects .zip archives.

Normally, this code, as written, has not given us any problem, for almost 2
years, I think.  Suddenly, with attachments from one outside party, in .zip
files programatically created by a server on their end, this code is
choking.

I've asked the developers on the remote end some questions about the code
they are using to generate the .zips, but in the meantime, I'm wondering if
some of you perl gurus might be able to spot something glaring in the
snippet of code that I've attached from my mimedefang-filter file.

Any input would be appreciated.

Ken

-----Original Message-----
From: Cormack, Ken 
Sent: Monday, March 07, 2005 9:09 AM
To: 'mimedefang at lists.roaringpenguin.com'
Subject: [Mimedefang] Trying to find cause of tempfails


Group,

This morning, I've been trying to diagnose a type of tempfail I'm repeatedly
seeing, when a particular party tries emailing to us.  The tempfail verbage
is non-descript, and doesn't match any strings I've got in my filter.
Perhaps one of you could help identify the reason these are tempfailing?

Just one such example looks like this (some address munging applied, to
protect the innocent)...

Mar  7 01:00:19 mail01 sendmail[31935]: j2760J2V031935:
from=<SELEX-FACS at MUNGEDSENDER.COM>, size=26614, class=0, nrcpts=1,
msgid=<02F117E1B24BA9F2 at munged.com>, proto=ESMTP, daemon=MTA,
relay=gbhub.mungeddomain.com [151.147.XXX.32]
Mar  7 01:00:21 mail01 sendmail[31935]: j2760J2V031935: Milter: data,
reject=451 4.3.2 Please try again later
Mar  7 01:00:21 mail01 sendmail[31935]: j2760J2V031935:
to=<cindyw at mungedrecip.com>, delay=00:00:02, pri=56614, stat=Please try
again later

As you can see, the log entries don't say much, and none of my rules (that
I'm aware of) send a "451 4.3.2" tempfail, specifically.

Anyone recognize this?

Ken
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

-------------- next part --------------
#    if (lc($ext) =~ /\.zip$/) {
#	use Archive::Zip qw(:ERROR_CODES);
#	my $path = $entity->bodyhandle->path;
#	my $zip = Archive::Zip->new();
#        Archive::Zip::setErrorHandler(sub {});
#	if ($zip->read($path) == AZ_OK) {
#	    md_syslog('debug', "Scanning zip file, Path=$path");
#	    my $tfname = Archive::Zip::tempFileName('.');
#	    my @members = $zip->members();
#	    foreach my $member (@members) {
#		my $file = $member->fileName();
#		$size = $member->uncompressedSize();
#		md_syslog('debug', "Scanning zip entry $file, size=$size");
#		# Approx. 50MB size limit
#		if ($size > 50 * 1024 * 1024) {
#		    md_graphdefang_log('zip_bomb ', $file, $RelayAddr);
#		    action_bounce("Archive member $file too big");
#		    return;
#		}
#
#		if ($member->isEncrypted()) {
#		    md_syslog('debug', "scanning Encrypted ZIP member $file");
#		    my ($re);
#                   #$re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,]|$)';
#                    $re = '\.' . $bad_exts . '\.*$';
#                    if (lc($file) =~ $re) {
#			md_graphdefang_log('Encrypted_badfile', $file,$RelayAddr);
#		 	action_notify_administrator("A file called $file was detected in an encrypted ZIP file attached to an incoming e-mail - quarantined.");
#			action_quarantine_entire_message("An encrypted ZIP attachment containing $file was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nRoadway Information Security to arrange for it to be released.\n");
#			action_discard();
#			return;
#		    }
#		    md_syslog('warning', "Encrypted file $file");
#		} else {
#		    $zip->extractMember($member, $tfname);
#		    md_syslog('debug', "Scanning ZIP entry $file");
#		    use File::Scan;
#		    my $scanner = File::Scan->new;
#		    my $virus = $scanner->scan($tfname);
#		    unlink($tfname);
#		    if ($virus) {
#			md_graphdefang_log('virus-zip', $virus, $RelayAddr);
#			action_discard();
#			return;
#		    }
#		}
#	    }
#	}
#    }
    #############################

More information about the MIMEDefang mailing list