[Mimedefang] Virus scanning messages vs. attachments
Philip Prindeville
philipp_subx at redfish-solutions.com
Mon Nov 21 15:16:59 EST 2011
On 11/18/11 5:27 PM, Philip Prindeville wrote:
> Yeah, my interest is in seeing the remaining parts of the message and delivering it anyway, rather than just bouncing it.
>
> Sometimes it's useful to contact the sender and let him/her know they have a compromised machine.
>
> -Philip
Ok, this turned out not to work as expected.
Rather than replacing the individual mime attachment containing the virus, I got the following. What am I doing wrong?
The message as received is here.
ftp://ftp.redfish-solutions.com/pub/nacha-orig.txt
The message as rewritten ("sanitized") is here.
ftp://ftp.redfish-solutions.com/pub/nacha.txt
Why is it replacing the entirety of the message body rather than the individual bogus attachment?
The header comment for action_replace_with_warning() says:
# %DESCRIPTION:
# Makes a note to drop the current part and replace it with a warning
but the actual code says otherwise:
$ReplacementEntity = MIME::Entity->build(Type => "text/plain",
Encoding => "-suggest",
Data => [ "$msg\n" ]);
$WarningCounter++;
$ReplacementEntity->head->mime_attr("Content-Type.name" => "warning$WarningCounter.txt");
$ReplacementEntity->head->mime_attr("Content-Disposition" => "inline");
$ReplacementEntity->head->mime_attr("Content-Disposition.filename" => "warning$WarningCounter.txt");
Can we modify that to do what the comment says instead?
Thanks,
-Philip
More information about the MIMEDefang
mailing list