[Mimedefang] Narrowed down but still Dropping without extracting..

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Wed Jun 8 03:46:49 EDT 2011


On Tue, 7 Jun 2011, Aaron Enders wrote:

> Issue: Mimedefang is dropping ms-tnef (winmail.dat) without scanning and 
> extracting the attachments. I have verified and am working with my client 
> that there is an attachment.

First thing I'd do is to quarantine the mail, so that you can inspect it.

> mail.info :  Jun  6 15:38:11 smtp1 mimedefang.pl[21064]: ytnef didn't find 
> any attachments, but we are dropping the winmail.dat mime part anyway

Below you'll find some notes about your code, but they won't help you to 
find out why ytnef finds no attachments, not even wrong ones, e.g. in case 
ytnef barks.

I would go one of these routes:

1) quarantine the message and inspect the message, manually extract the 
winmail.dat and run ytnef against it. Then see further.

2) take a look at Convert::TNEF. However, I don't know if ytnef 
implements more features you need.

ytnef itself does not verify the filename embedded in the tnef file for
\\ or / characters and it does not check for write errors. However,
in both cases ytnef should print some strings onto stdout, hence,
"ytnef didn't find any attachments, " should not occur.

==========

> # if this is a application/ms-tnef message then extract and delete it
>    if (lc($type) eq "application/ms-tnef") {
>        @tnef_files = extract_tnef( $entity );
>        my $tnef_file_qty = @tnef_files;
>        if( $tnef_file_qty > 0 ){
>             md_syslog( 'info', "ytnef extracted some files so we are now 
> dropping the winmail.dat mime part" );
>        } else {
>             md_syslog( 'info', "ytnef didn't find any attachments, but we 
> are dropping the winmail.dat mime part anyway" );
>        }
>        return action_drop();
>    }
>
> # add the tnef files to the message
>    foreach my $fname ( @tnef_files ) {
>        local($/) = undef;
>        open(FILE, "$fname");

There is no error checking here. You don't know what happens.

BTW: There is no need for quotes here, makes things slower

>        my $file = <FILE>;
>        close(FILE);

No error check here.

>        $file =~ s:^.*[\\/]::;

Here you mangle the _content_ of the file instead of the filename.

>        action_add_part($entity, "application/octet-stream", "base64", $file, 
> $fname, "attachment");
>        md_syslog('info', "Added file $fname to message because it was 
> extracted from the winmail.dat");
>    }
>
>    @tnef_files = ();

This line needs to be in filter_begin() to be cleared out for each 
message.

> # sub routine..
> sub extract_tnef( $ ) {
>
>  my ( $entity ) = @_;
>  my ( $body ) = $entity->bodyhandle;
>  my @tnef_files = ();
>
>  if( ! defined( $body ) ){
>    return @tnef_files;
>  }
>
>  # Get filename
>  my ( $path ) = $body->path;
>  if( ! defined( $path ) ){
>    return @tnef_files;
>  }
>
>  @new_files = `/usr/bin/ytnef -f Work $path`;

Hmm, the Work subdir is used by mimedefang itself, it is possible that the 
files conflict with each other. I would use another subdir.

>  foreach my $file ( @new_files ){
>    chomp( $file );
>    push( @tnef_files, $file );

ytnef displays other stuff to stdout, such as "ERROR: .....", you need to 
take those into account, e.g. by verifying that $file is indeed a file.

>    md_syslog( 'info', "Found file $file in winmail.dat attachment" );
>  }
>
>  return @tnef_files;
>
> }

Regards,

-- 
Steffen Kaiser


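The checks suggested in the reply above, sketched as an added example (not code from the thread or from MIMEDefang): it treats each line of ytnef's stdout as a candidate path, as the quoted filter does, and keeps only regular files that resolve inside the extraction directory, with open/close errors checked and the name (not the content) sanitised. The function name `vet_extracted` and the sample files and output lines are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: vet candidate paths read from ytnef's stdout before attaching.
# vet_extracted() is a hypothetical helper, not part of MIMEDefang or ytnef.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(basename);
use File::Temp qw(tempdir);

# Returns [real_path, safe_name, content] for every line that names a regular
# file located directly inside $outdir; all other lines are skipped.
sub vet_extracted {
    my ($outdir, @lines) = @_;
    my $root = abs_path($outdir);
    my @ok;
    for my $line (@lines) {
        chomp $line;
        # Drops "ERROR: ..." text, directories, symlinks and missing files.
        next unless length $line && -f $line && !-l $line;
        my $real = abs_path($line);
        # Drops names whose embedded / or \ led outside the extraction dir.
        next unless defined $real && $real =~ m{^\Q$root\E/[^/]+$};
        # Sanitise the file *name*; the content is never modified.
        (my $name = basename($real)) =~ s/[^\w.\-]/_/g;
        open(my $fh, '<:raw', $real) or do { warn "open $real: $!\n"; next };
        my $data = do { local $/; <$fh> };
        close($fh) or warn "close $real: $!\n";
        push @ok, [$real, $name, $data] if defined $data;
    }
    return @ok;
}

# Constructed sample: one file inside the extraction dir, one outside it.
my $dir   = tempdir(CLEANUP => 1);
my $other = tempdir(CLEANUP => 1);
for my $p ("$dir/report 1.doc", "$other/secret") {
    open(my $out, '>', $p) or die "create $p: $!";
    print {$out} "payload";
    close($out) or die "close $p: $!";
}
my @stdout = ("$dir/report 1.doc\n", "ERROR: constructed error line\n",
              "$dir/../" . basename($other) . "/secret\n", "$dir\n");
for my $f (vet_extracted($dir, @stdout)) {
    printf "attach %s as %s (%d bytes)\n", $f->[0], $f->[1], length $f->[2];
}
```

In a filter, each surviving entry's content and safe name would be the values handed to `action_add_part`, and the extraction directory would be a subdirectory other than `Work`.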
