[Mimedefang] Re: Problem with "REPORTSAFE - KAM 10-29-2003" and "filter_bad_filename" in MIMEDefang

Kevin A. McGrail kmcgrail at pccc.com
Thu Jan 25 16:57:17 EST 2007


Frank,

Interesting.  We discard viruses silently so anything marked as a virus 
would be gone for us.  But if you have something that passes a virus test 
and is marked as SPAM with an exe that isn't marked, I guess you have a 
point.

There are two approaches to this that I see:

1 - Add an extra warning to the message that notifies them of the potential 
danger.  Rarely works...

2 - Disable the report_safe feature if bad_filename (or really_bad_filename) 
fails.  I believe this will leave the original MD entity with the Subject 
changed and the file stripped and keep the warning but this is untested 
code:

my ($bad_filename_status);
$bad_filename_status = filter_bad_filename($entity);

#CHANGE TO <2 TO ONLY USE REALLY BAD FILENAME
if ($report_safe > 0 && $bad_filename_status < 1) {
}

It's also possible you could do instead of this if DFS can tell me if MD has 
a file that is better than INPUTMSG at this point.

if ($report_safe > 0 && $bad_filename_status < 1) {
                $container = MIME::Entity->build(Type => 'message/rfc822', 
Description => 'Original message before MIMEDefang', Data => [ "" ]);
                $parser = new MIME::Parser;
                open(IN, '< INPUTMSG');
                $original = $parser->parse(\*IN);
                close(IN);
} else {
                $container = MIME::Entity->build(Type => 'message/rfc822', 
Description => 'Original message before MIMEDefang [Potentially Unsafe 
Attachments Removed]', Data => [ "" ]);
                $parser = new MIME::Parser;
                open(IN, '< ??????');
                $original = $parser->parse(\*IN);
                close(IN);
}


Regards,
KAM


----- Original Message ----- 
From: "Frank Lichtenberger" <frank.lichtenberger at tanner.de>

> if an email is marked as spam and "REPORTSAFE - KAM 10-29-2003" is used, 
> then the filter for bad file names doesn?t work.
> The original mail with all attachments, the bad files too, is attached to 
> the new mail. 




More information about the MIMEDefang mailing list