MailScanner Internals

Rick Cooper rcooper at DWFORD.COM
Fri Apr 16 15:51:26 IST 2004 


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Clive Eisen
> Sent: Friday, April 16, 2004 9:19 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: MailScanner Internals
>
>
> Rick Cooper wrote:
>
> >>-----Original Message-----
> >>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> >>Behalf Of Clive Eisen
> >>Sent: Friday, April 16, 2004 8:04 AM
> >>To: MAILSCANNER at JISCMAIL.AC.UK
> >>Subject: Re: MailScanner Internals
> >>
> >>
> >>Julian Field wrote:
> >>
> >>
> >>
> >>>At 11:50 16/04/2004, you wrote:
> >>>
> >>>
> >>>
> >>>>Julian - sorry to ask you directly but I suspect only you
> will know the
> >>>>answer :-)
> >>>>
> >>>>In what combination of circumstances is $message->{virusinfected} set?
> >>>>
> >>>>I have seen $message->{nameinfected} set and
> >>>>
> >>>>
> >>$message->{othereinfected}
> >>
> >>
> >>>>set, but never
> >>>>$message->{virusinfected}
> >>>>
> >>>>I'm trying to write a custom function and am a bit puzzled.
> >>>>
> >>>>
> >>>A quick grep of the code reveals that it is set in
> >>>
> >>>
> >>SweepViruses.pm when a
> >>
> >>
> >>>virus report is merged into the list of all the reports for a batch.
> >>>--
> >>>Julian Field
> >>>www.MailScanner.info
> >>>MailScanner thanks transtec Computers for their support
> >>>
> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>>
> >>>
> >>Does that mean that it does not relate to an individual message?
> >>
> >>I have sent viruses and tried to check their value, including, following
> >>the recomendations in the other reply to this thread, in  Always Looked
> >>Up Last and it's still not set
> >>
> >>My point is - I cannot produce the circumstances when it is set or at
> >>least, not during the processing of a given message at least.
> >>
> >>Ho Hum and thanks for your swift help.
> >>
> >>
> >>
> >
> >Note that MessageBatch.pm sets $message->{virusinfected} = 0; in sub
> >DisinfectAndDeliver
> >so it seems it would not still be set if used as an alwayslookuplast last
> >since it appears that call is made in bin/MailScanner after all the other
> >processing. What are you trying to do in the custom function? It might be
> >you need to patch a call in from somewhere else to achieve what
> you want to
> >do.
> >
> >
> I'm trying to ad  a header that differentiates between true viruses and
> 'disallowed file extensions', and I thought I could use
> $message->{virusinfected}
> $message->{nameinfected}
> $message->{otherinfected}
>
> to figure it out, but so far , I can't
>

I have attached a patch I posted here some time ago that does that. It's a
couple versions old so I don't know if it would apply but you can look at
the code in the patch. It's a bit more complicated than just determining if
the message is infected because there may be more than one message and more
than one type as this is a per batch thing. The code I have attached will
change the notice subject and header line to state what the problem(s) are
rather than just virus warning for everything. If you want it to show
something in the log add MailScanner::Log::InfoLog("Reject Reason is
%s\n",$thisreason); after the following:


     if ($message->{otherinfected} && $reasons !~
/MailScanner::Config::LanguageValue($message, 'noticeother')/i){
                $thisreason = MailScanner::Config::LanguageValue($message,
'noticeother');
                if ($reasons !~ /$thisreason/i){
                        $reasons .= " ".MailScanner::Config::LanguageValue($message,
'noticeother').":";
                }

Also note that the following would need to be appended to your
reports/{language}/languages.conf file (where {language} is en, de, etc)

NoticeVirus = Virus Detected
NoticeFileName = Bad File Name Detected
NoticeOther = Other Bad Content Detected
NoticePrefix = The following e-mails were found to have

If you just trying to add a X-header then you are going to have to tie into
the same loop and use the same logic and add the headers in at that point. I
haven't tested it but I think you would add the header after:

  while(($postie,$notice) = each %notices) {
    $email = $headers{$postie} . "\n" .

in MessageBatch.pm

But if you are filtering just use the patch and filter on the Noticexxx
string in the subject. They will appear once per batch per problem in the
adminwarning
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MessageBatchNotice.patch
Type: application/octet-stream
Size: 3212 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040416/29d1277b/MessageBatchNotice.obj

More information about the MailScanner mailing list