[Mimedefang] action_drop_with_warning error (Steffen Kaiser)

Shridhar shridhar at staff.ownmail.com
Sat Jun 19 11:18:20 EDT 2010


Hello,
Please find the filter rules which relate to action_drop_with_warning.

#***********************************************************************
sub filter {
    my($entity, $fname, $ext, $type) = @_;

    return if message_rejected(); # Avoid unnecessary work
    # Block message/partial parts
    if (lc($type) eq "message/partial") {
        md_graphdefang_log('message/partial');
        action_bounce("MIME type message/partial not accepted here");
        return action_discard();
    }

    if (filter_bad_filename($entity)) {
        md_graphdefang_log('bad_filename2', $fname, $type);
        return action_drop_with_warning("An attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

    return action_accept();
}

#***********************************************************************


#***********************************************************************
# This procedure returns true for entities with bad filenames.
sub filter_bad_filename  {
    my($entity) = @_;
    my($bad_exts, $re);

    # Bad extensions

        my $rcp = $Recipients[0];
        $rcp =~ s/[<>]//g;
        my($r_user,$r_domain) = split(/\@/,$rcp);
        my ($new_r_domain) = strip_domain($r_user,$r_domain);
        my ($aa,$bb,$cc,$yy,$zz) = spam_config_check($r_user,$new_r_domain,2);
        # This function provides the custom list of bad extensions in the $yy variable.

        if($yy eq "") {
                $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';
        } else {
                $bad_exts = '('. $yy .'|\{[^\}]+\})';
        }
        if ($Lohg == 1) {md_syslog('warning',"MsgID:  $MsgID in bad-filename: user is $r_user,domain is $new_r_domain, bad_ex are $bad_exts");}

    # Do not allow:
    # - CLSIDs  {foobarbaz}
    # - bad extensions (possibly with trailing dots) at end
    $re = '\.' . $bad_exts . '\.*$';

    return 1 if (re_match($entity, $re));

    # Look inside ZIP files
    if (re_match($entity, '\.zip$') and
        $Features{"Archive::Zip"}) {
        my $bh = $entity->bodyhandle();
        if (defined($bh)) {
            my $path = $bh->path();
            if (defined($path)) {
                return re_match_in_zip_directory($path, $re);
            }
        }
    }
    return 0;
}

#*********************************************************************

Please assist.

Regards. 


>Message: 2
>Date: Wed, 16 Jun 2010 16:35:09 +0200 (CEST)
>From: Steffen Kaiser <skmimedefang at smail.inf.fh-bonn-rhein-sieg.de>
>Subject: Re: [Mimedefang] action_drop_with_warning error
>To: mimedefang at lists.roaringpenguin.com
>Message-ID:
>	<alpine.DEB.1.10.1006161633510.10363 at pc-2m63a.inf.fh-bonn-rhein-sieg.de>
>	
>Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wed, 16 Jun 2010, Shridhar wrote:
>
>> The message it throws in the maillogs is
>>
>> Jun 16 18:35:39 mail105 mimedefang-multiplexor[9973]: Slave 1 stderr: open body: Invalid argument at /usr/local/lib/perl5/site_perl/5.8.8/MIME/Entity.pm line 1863.
>> Jun 16 18:35:39 mail105 mimedefang-multiplexor[9973]: Slave 1 died prematurely -- check your filter rules
>>
>>
>> I use action_drop_with_warning function to drop the attachment.
>> I also tried upgrading the MIME-tools version to 5.428 but with no success.
>
>Well, "check your filter rules" is the advice in the log. Show them.
>
>Regards,
>
>- -- 
>Steffen Kaiser




