[Mimedefang] quarantine bad_filename messages
Hi, I'd like to use action_quarantine_entire_message for messages containing attachments with bad_filename, but not sure where to place the quarantine command. Is sub filter_bad_filename the right place? Something like this? # This procedure returns true for entities with bad filenames. sub filter_bad_filename { my($entity) = @_; my($bad_exts, $re); $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt| dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi| msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs| vxd|wmd|wms|wmz|wsc|wsf|wsh| \{[^\}]+\})'; # Do not allow: # - CLSIDs {foobarbaz} # - bad extensions (possibly with trailing dots) at end $re = '\.' . $bad_exts . '\.*$'; # quarantine message if (re_match($entity, $re)) { action_quarantine_entire_message(bad_filename queueid= $QueueID,relayaddr=$RelayAddr,name=bad_filename); }; return 1 if (re_match($entity, $re)); # Look inside ZIP files if (re_match($entity, '\.zip$') and $Features{Archive::Zip}) { my $bh = $entity-bodyhandle(); if (defined($bh)) { my $path = $bh-path(); if (defined($path)) { return re_match_in_zip_directory($path, $re); } } } return 0; } Ciao! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] quarantine bad_filename messages
On Tue, 09 Sep 2014 12:12:03 +0200 Marcus Schopen li...@localguru.de wrote: I'd like to use action_quarantine_entire_message for messages containing attachments with bad_filename, but not sure where to place the quarantine command. Is sub filter_bad_filename the right place? You can do it there, or you can do something like this: my $do_quarantine; sub filter_begin { $do_quarantine = 0; } sub filter_bad_filename { if (...) { $do_quarantine = 1; } } sub filter_end { if ($do_quarantine) { action_quarantine_entire_message(...); return; } } Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] quarantine bad_filename messages
Marcus Schopen li...@localguru.de asked: I'd like to use action_quarantine_entire_message for messages containing attachments with bad_filename, but not sure where to place the quarantine command. Is sub filter_bad_filename the right place? David F. Skoll d...@roaringpenguin.com replied: You can do it there, or you can do something like this: my $do_quarantine; sub filter_begin { $do_quarantine = 0; } sub filter_bad_filename { if (...) { $do_quarantine = 1; } } sub filter_end { if ($do_quarantine) { action_quarantine_entire_message(...); return; } } But that uses a global variable that assumes that the same slave will be used for the filter_begin and filter_end calls - I thought we were supposed to be very careful about such global variables. Or is is safe to assume that although the filter_{relay,helo,sender,recipient} calls for a given message might be made to different slaves, once we're past the DATA block, then filter_{begin,multipart,end} and filter itself will all be under the control of a single slave? Also, what's filter_bad_filename? I find no reference to it in the mimedefang.pl file that comes with 4.75. Anne. -- Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 a...@encs.concordia.ca+1 514 848-2424 x2285 ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] quarantine bad_filename messages
On Tue, 09 Sep 2014 10:43:44 -0400 Anne Bennett a...@encs.concordia.ca wrote: But that uses a global variable that assumes that the same slave will be used for the filter_begin and filter_end calls - I thought we were supposed to be very careful about such global variables. In the mimedefang-filter(5) man page, there's a section called MAINTAINING STATE that shows the different groups of functions. The documentation is weak... it doesn't explicitly say that you can count on the same process handling filter_begin/filter/filter_multipart/filter_end, so I'll have to fix that because you can in fact count on that. Also, what's filter_bad_filename? I believe it's a function defined in the sample filter. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang