[Mimedefang] quarantine bad_filename messages
Hi,
I'd like to use action_quarantine_entire_message for messages
containing attachments with bad_filename, but not sure where to place
the quarantine command. Is sub filter_bad_filename the right place?
Something like this?
# This procedure returns true for entities with bad filenames.
sub filter_bad_filename {
my($entity) = @_;
my($bad_exts, $re);
$bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|
dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|
msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|
vxd|wmd|wms|wmz|wsc|wsf|wsh|
\{[^\}]+\})';
# Do not allow:
# - CLSIDs {foobarbaz}
# - bad extensions (possibly with trailing dots) at end
$re = '\.' . $bad_exts . '\.*$';
# quarantine message
if (re_match($entity, $re)) {
action_quarantine_entire_message(bad_filename queueid=
$QueueID,relayaddr=$RelayAddr,name=bad_filename);
};
return 1 if (re_match($entity, $re));
# Look inside ZIP files
if (re_match($entity, '\.zip$') and
$Features{Archive::Zip}) {
my $bh = $entity-bodyhandle();
if (defined($bh)) {
my $path = $bh-path();
if (defined($path)) {
return re_match_in_zip_directory($path, $re);
}
}
}
return 0;
}
Ciao!
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] quarantine bad_filename messages
On Tue, 09 Sep 2014 12:12:03 +0200
Marcus Schopen li...@localguru.de wrote:
I'd like to use action_quarantine_entire_message for messages
containing attachments with bad_filename, but not sure where to place
the quarantine command. Is sub filter_bad_filename the right place?
You can do it there, or you can do something like this:
my $do_quarantine;
sub filter_begin {
$do_quarantine = 0;
}
sub filter_bad_filename {
if (...) {
$do_quarantine = 1;
}
}
sub filter_end {
if ($do_quarantine) {
action_quarantine_entire_message(...);
return;
}
}
Regards,
David.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] quarantine bad_filename messages
Marcus Schopen li...@localguru.de asked:
I'd like to use action_quarantine_entire_message for messages
containing attachments with bad_filename, but not sure where to place
the quarantine command. Is sub filter_bad_filename the right place?
David F. Skoll d...@roaringpenguin.com replied:
You can do it there, or you can do something like this:
my $do_quarantine;
sub filter_begin {
$do_quarantine = 0;
}
sub filter_bad_filename {
if (...) {
$do_quarantine = 1;
}
}
sub filter_end {
if ($do_quarantine) {
action_quarantine_entire_message(...);
return;
}
}
But that uses a global variable that assumes that the same
slave will be used for the filter_begin and filter_end calls
- I thought we were supposed to be very careful about such
global variables. Or is is safe to assume that although the
filter_{relay,helo,sender,recipient} calls for a given message
might be made to different slaves, once we're past the DATA
block, then filter_{begin,multipart,end} and filter itself
will all be under the control of a single slave?
Also, what's filter_bad_filename? I find no reference to
it in the mimedefang.pl file that comes with 4.75.
Anne.
--
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
a...@encs.concordia.ca+1 514 848-2424 x2285
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] quarantine bad_filename messages
On Tue, 09 Sep 2014 10:43:44 -0400 Anne Bennett a...@encs.concordia.ca wrote: But that uses a global variable that assumes that the same slave will be used for the filter_begin and filter_end calls - I thought we were supposed to be very careful about such global variables. In the mimedefang-filter(5) man page, there's a section called MAINTAINING STATE that shows the different groups of functions. The documentation is weak... it doesn't explicitly say that you can count on the same process handling filter_begin/filter/filter_multipart/filter_end, so I'll have to fix that because you can in fact count on that. Also, what's filter_bad_filename? I believe it's a function defined in the sample filter. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
