--Robert Penz wrote on 24.02.2002 20:46 +0100:
> I'm using this in my maildroprc.
>
> xfilter "reformail -A'X-Content-Filter: name=*.$BADEXT' \
> -A'X-Content-Scanner: postmaster@$HOSTNAME' \
> -A'X-Content-Virus-Warning: $FILENAME <$SENDER> $RECIPIENT' \
> -i'Subject: [VIRUS WARNING: $FILENAME] $MATCH2'"
>
> my problem now that there are some chases the Subject is only renamed to
> "Old-Subject" but no new ("Subject") is created.
One small and one BIG problem with this code:
- the original mail sometimes dont have any subject
- maildrop/xfilter/formail can be tricked to execute any shell-
command - just enclose them in the subject with single quotes.
This code will fix both problems:
if ( "$FILENAME" )
{
if ( /^Subject: !.*/:h )
SUBJECT=escape($MATCH2)
else
SUBJECT="(No Subject)"
echo "X-Content-Virus-Warning: $FILENAME <$SENDER> $RECIPIENT $SUBJECT"
xfilter "reformail -A'X-Content-Filter: name=*.$BADEXT' \
-A'X-Content-Scanner: postmaster@$HOSTNAME' \
-A'X-Content-Virus-Warning: $FILENAME <$SENDER> $RECIPIENT' \
-i'Subject: [VIRUS WARNING: $FILENAME] $SUBJECT'"
}
btw, some new ways to trick Outlook and filtering gateways,
check out bugtraq for details:
1) Outlook strips double-quotes (like ".e"x"e") from filenames
in attachments, and will treat it just like any *.exe
2) Outlook interprets attachments enclosed in the subject
3) *.mp3 may actually contain *.asf, and could trojan the box
You never catch up with all this vulnerabilities...
Roland
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
