[Mimedefang] Heads up - stock pump'n'dump SPAM as ZIP (actuallyRAR)attachments
Cormack, Ken
Ken.Cormack at Roadway.com
Tue Jul 31 11:25:31 EDT 2007
> It blocks the disguised RAR files and still allows proper zips. Only
change
> is that I made it case-insensitive for the search. I haven't seen any
need
> for this but it seems prudent for future-proofing the code.
Kevin,
My only suggestion is to get the sendmail queue id into the log entry, so
that it's easier to associate the log entry with other detalis of the
message that carried the rar-file.
Ergo, in sub check_for_corrupt_zip, change this:
md_syslog('warning', "Discarding because of RAR file disguised as ZIP
File $path");
To this:
md_syslog('warning', "$QueueuID: Discarding because of RAR file
disguised as ZIP File $path");
Ken
More information about the MIMEDefang
mailing list