[Mimedefang] Re: Problem with "REPORTSAFE - KAM 10-29-2003" and "filter_bad_filename" in MIMEDefang

Thu, 25 Jan 2007 14:05:37 -0800 

Frank,
Interesting. We discard viruses silently so anything marked as a virus would be gone for us. But if you have something that passes a virus test and is marked as SPAM with an exe that isn't marked, I guess you have a point. 

There are two approaches to this that I see:


1 - Add an extra warning to the message that notifies them of the potential 
danger.  Rarely works...



2 - Disable the report_safe feature if bad_filename (or really_bad_filename) 
fails.  I believe this will leave the original MD entity with the Subject 
changed and the file stripped and keep the warning but this is untested 
code:


my ($bad_filename_status);
$bad_filename_status = filter_bad_filename($entity);

#CHANGE TO <2 TO ONLY USE REALLY BAD FILENAME
if ($report_safe > 0 && $bad_filename_status < 1) {
}


It's also possible you could do instead of this if DFS can tell me if MD has 
a file that is better than INPUTMSG at this point.


if ($report_safe > 0 && $bad_filename_status < 1) {

               $container = MIME::Entity->build(Type => 'message/rfc822', 
Description => 'Original message before MIMEDefang', Data => [ "" ]);

               $parser = new MIME::Parser;
               open(IN, '< INPUTMSG');
               $original = $parser->parse(\*IN);
               close(IN);
} else {

               $container = MIME::Entity->build(Type => 'message/rfc822', 
Description => 'Original message before MIMEDefang [Potentially Unsafe 
Attachments Removed]', Data => [ "" ]);

               $parser = new MIME::Parser;
               open(IN, '< ??????');
               $original = $parser->parse(\*IN);
               close(IN);
}


Regards,
KAM



----- Original Message ----- 
From: "Frank Lichtenberger" <[EMAIL PROTECTED]>



if an email is marked as spam and "REPORTSAFE - KAM 10-29-2003" is used, 
then the filter for bad file names doesn?t work.
The original mail with all attachments, the bad files too, is attached to 
the new mail. 


_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang






















					Reply via email to