I'm running mimedefang 2.36 on RedHat and I'm trying to add a filter rule to remove messages related to the new MyDoom virus. I don't run a virus scanner on the server right now, I just want to filter based on the body. Mimedefang is already running and removing the .scr, .pif, etc attachments, but some come as .zip (and I don't want to filter those).
I added the following rule to the filter() subroutine:
my $recips = join(",",@Recipients);
if ($entity->bodyhandle =~ /The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment|The message contains Unicode characters and has been sent as a binary attachment|Mail transaction failed. Partial message is available/i) {
syslog('warning', "attachment $fname of type $ext quarantined - possible virus [MyDoom]. Sender=$Sender. Recipient=$recips.");
action_change_header("Subject","[VIRUS?] [MyDoom] ".$Subject);
}
The message usually has the following body:
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
The message contains Unicode characters and has been sent as a binary attachment
Mail transaction failed. Partial message is available
At first, I just wanted to tag the message to see if it was working, then add:
return action_discard();
once I know that it's catching the correct messages.
I tested by sending a message to myself with a body that should match, but it did not get tagged. Can anyone tell me what I'm doing wrong?
Thanks, Mike _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
