On Mon, 26 Jan 2004, Brent J. Nordquist <[EMAIL PROTECTED]> wrote: > So far the ZIP ones are all between 22640 and 22798 bytes inclusive. > Can someone post a quick example on how to test an attachment's size?
After some archive digging here's what I arrived at, if it's useful to anyone else. I've tested it with the edge cases for size and it seems to work fine. This could be tightened further (zip will be 22640-22798, and the others will only be 22528) but I think this is close enough for an outbreak. This goes in "sub filter" after the virus section: my $virre = qr/\.(pif|scr|exe|cmd|bat|zip)$/; if (re_match($entity, $virre)) { my $size = (stat($entity->bodyhandle->path))[7]; if ($size >= 22528 && $size <= 22798) { $VirusName = 'W32/[EMAIL PROTECTED]'; md_graphdefang_log('virus', $VirusName, $RelayAddr); # Discard the mail! Notify the administrator. action_discard(); action_notify_administrator("A known virus ($VirusName) was discovered and deleted.\nThe relaying machine was $RelayAddr\n"); # But quarantine the message for examination later. Comment # the next line out if you don't want to bother. action_quarantine_entire_message("The $VirusName virus was discovered; message discarded.\n"); return; } } -- Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html * Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang