[Mimedefang] Re: Problem with "REPORTSAFE - KAM 10-29-2003" and "filter_bad_filename" in MIMEDefang
Kevin A. McGrail
kmcgrail at pccc.com
Thu Jan 25 16:57:17 EST 2007
Frank,
Interesting. We discard viruses silently so anything marked as a virus
would be gone for us. But if you have something that passes a virus test
and is marked as SPAM with an exe that isn't marked, I guess you have a
point.
There are two approaches to this that I see:
1 - Add an extra warning to the message that notifies them of the potential
danger. Rarely works...
2 - Disable the report_safe feature if bad_filename (or really_bad_filename)
fails. I believe this will leave the original MD entity with the Subject
changed and the file stripped and keep the warning but this is untested
code:
my ($bad_filename_status);
$bad_filename_status = filter_bad_filename($entity);
#CHANGE TO <2 TO ONLY USE REALLY BAD FILENAME
if ($report_safe > 0 && $bad_filename_status < 1) {
}
It's also possible you could do instead of this if DFS can tell me if MD has
a file that is better than INPUTMSG at this point.
if ($report_safe > 0 && $bad_filename_status < 1) {
$container = MIME::Entity->build(Type => 'message/rfc822',
Description => 'Original message before MIMEDefang', Data => [ "" ]);
$parser = new MIME::Parser;
open(IN, '< INPUTMSG');
$original = $parser->parse(\*IN);
close(IN);
} else {
$container = MIME::Entity->build(Type => 'message/rfc822',
Description => 'Original message before MIMEDefang [Potentially Unsafe
Attachments Removed]', Data => [ "" ]);
$parser = new MIME::Parser;
open(IN, '< ??????');
$original = $parser->parse(\*IN);
close(IN);
}
Regards,
KAM
----- Original Message -----
From: "Frank Lichtenberger" <frank.lichtenberger at tanner.de>
> if an email is marked as spam and "REPORTSAFE - KAM 10-29-2003" is used,
> then the filter for bad file names doesn?t work.
> The original mail with all attachments, the bad files too, is attached to
> the new mail.
More information about the MIMEDefang
mailing list