[Mimedefang] Virus scanning messages vs. attachments

Philip Prindeville philipp_subx at redfish-solutions.com
Mon Nov 21 15:16:59 EST 2011

On 11/18/11 5:27 PM, Philip Prindeville wrote:
> Yeah, my interest is in seeing the remaining parts of the message and delivering it anyway, rather than just bouncing it.
> Sometimes it's useful to contact the sender and let him/her know they have a compromised machine.
> -Philip

Ok, this turned out not to work as expected.

Rather than replacing the individual mime attachment containing the virus, I got the following.  What am I doing wrong?

The message as received is here.


The message as rewritten ("sanitized") is here.


Why is it replacing the entirety of the message body rather than the individual bogus attachment?

The header comment for action_replace_with_warning() says:

#  Makes a note to drop the current part and replace it with a warning

but the actual code says otherwise:

    $ReplacementEntity = MIME::Entity->build(Type => "text/plain",
                                             Encoding => "-suggest",
                                             Data => [ "$msg\n" ]);
    $ReplacementEntity->head->mime_attr("Content-Type.name" => "warning$WarningCounter.txt");
    $ReplacementEntity->head->mime_attr("Content-Disposition" => "inline");
    $ReplacementEntity->head->mime_attr("Content-Disposition.filename" => "warning$WarningCounter.txt");

Can we modify that to do what the comment says instead?



More information about the MIMEDefang mailing list