[Mimedefang] How to catch large binary spam efficiently ?

[Jeff Makey]

SpamAssassin only considers the text parts of a message when deciding
whether it is too big to process, so the presence of large non-text
MIME attachments (e.g., images) should not prevent SA from doing its
thing when the total amount of text is less than 100K.

However, if you are like me and your mimedefang-filter bypasses the
call to SpamAssassin for large messages then you need to duplicate the
SA algorithm for counting the text size.  My recursive subroutine for
this is below, and I call it in filter_begin() like this:

sub filter_begin ($)
{
my ($mime_entity) = @_;
my $size_of_message_text = traverse_mime_parts($mime_entity, 0);

You can then compare the value of $size_of_message_text with 100000
when deciding whether to call SpamAssassin.  This works well for me.

                          :: Jeff Makey
                             jeff at sdsc.edu

 -----------------------------------------------------------------

sub traverse_mime_parts ($$)
{
my ($entity, $depth) = @_;
my $type = $entity->mime_type;
$type = 'undefined' unless (defined $type);
my $size = 0;
my $file = (defined $entity->bodyhandle) ? $entity->bodyhandle->path : undef;
if (defined $file) {
	# pay attention to the same MIME types as in SpamAssassin's Message.pm
	$size = -s $file if ($type =~ /^(?:message|text)\b/ and $type ne 'text/calendar');
	}
if (++$depth > 9) {
	md_syslog('warning', "filter_begin: $MsgID: MIME depth exceeds 9");
	}
else {
	foreach my $part ($entity->parts) {
		$size += &traverse_mime_parts($part, $depth);
		}
	}
return $size;
}