[Mimedefang] re_match in filter_begin
Kevin A. McGrail
kmcgrail at pccc.com
Fri Feb 29 16:14:32 EST 2008
>>> if (re_match($entity, '\.(doc|docx).*$')) {
>
>>> However, this doesn't seem to work.
> That is correct. It has to be done in filter(), not filter_begin().
> The $entity passed to filter_begin is the top-level MIME container
> and it won't have anything re_match can usefully process.
Ok, then since others tested and ClamAV detects it, here's my current
band-aid from filter_begin. I wanted to add an extra check with ClamAV for
files that are word documents in sub filter. Perhaps no one else cares but
it might be helpful to others!
Regards,
KAM
# Enabling ClamAV ONLY to scan doc files
if (re_match($entity, '\.doc')) {
md_syslog('warning', "$QueueID: Enabling ClamAV");
$Features{'Virus:NAI_temp'} = $Features{'Virus:NAI'};
$Features{'Virus:NAI'} = '';
$Features{'Virus:CLAMAV'} = '/usr/local/clamav/bin/clamscan';
$VirusScannerRoutinesInitialized = 0;
# Scan for viruses if any virus-scanners are installed
md_syslog('warning', "$QueueID: Checking for Virii.");
my($code, $category, $action) = message_contains_virus();
md_syslog('warning', "$QueueID: Virii check completed -- $code -
$category - $action.");
my ($FoundVirus);
# Lower level of paranoia - only looks for actual viruses
$FoundVirus = ($category eq "virus");
# Higher level of paranoia - takes care of "suspicious" objects
# $FoundVirus = ($action eq "quarantine");
if ($FoundVirus) {
md_graphdefang_log('virus', $VirusName, $RelayAddr);
md_syslog('warning', "$QueueID: Discarding because of virus
$VirusName");
&rr_log(report=>"virus - $VirusName");
return action_discard();
}
if ($action eq "tempfail") {
action_tempfail("Problem running virus-scanner");
md_syslog('warning', "$QueueID: Problem running virus scanner:
code=$code, category=$category, action=$action");
}
$Features{'Virus:NAI'} = $Features{'Virus:NAI_temp'};
$Features{'Virus:CLAMAV'} = '';
$VirusScannerRoutinesInitialized = 0;
}
More information about the MIMEDefang
mailing list