[Mimedefang] Virus scanning messages vs. attachments

[Philip Prindeville]

On 11/18/11 5:27 PM, Philip Prindeville wrote:
> Yeah, my interest is in seeing the remaining parts of the message and delivering it anyway, rather than just bouncing it.
> 
> Sometimes it's useful to contact the sender and let him/her know they have a compromised machine.
> 
> -Philip

Ok, this turned out not to work as expected.

Rather than replacing the individual mime attachment containing the virus, I got the following.  What am I doing wrong?

The message as received is here.

ftp://ftp.redfish-solutions.com/pub/nacha-orig.txt

The message as rewritten ("sanitized") is here.

ftp://ftp.redfish-solutions.com/pub/nacha.txt

Why is it replacing the entirety of the message body rather than the individual bogus attachment?

The header comment for action_replace_with_warning() says:

# %DESCRIPTION:
#  Makes a note to drop the current part and replace it with a warning

but the actual code says otherwise:

    $ReplacementEntity = MIME::Entity->build(Type => "text/plain",
                                             Encoding => "-suggest",
                                             Data => [ "$msg\n" ]);
    $WarningCounter++;
    $ReplacementEntity->head->mime_attr("Content-Type.name" => "warning$WarningCounter.txt");
    $ReplacementEntity->head->mime_attr("Content-Disposition" => "inline");
    $ReplacementEntity->head->mime_attr("Content-Disposition.filename" => "warning$WarningCounter.txt");

Can we modify that to do what the comment says instead?

Thanks,

-Philip