[Mimedefang] Sober

[Kayne Kruse]

> The massive Sober virus attack is detected by $SuspiciousCharsInBody.
> Skip the antivirus process if you're willing to reject on that.
> 
> We saw 250,000 Monday, 490,000 yesterday.  Use of our time server also
> skyrocketed when this started.
> 
> Joseph Brennan


I just added below the $SuspiciousCharsInHeaders in filter_begin, for the
quick an dirty:

	if ($SuspiciousCharsInBody) {
	  md_graphdefang_log('suspicious_chars_body');
        action_quarantine_entire_message("Message Quarantined because of
suspicious characters in body");
        return action_discard();
      }

This should do the trick.

Hopefully most mail programs out there are sane and do not trigger these, but
at least u can unquarantine.

Kayne