MailScanner Internals

Clive Eisen clive at SERENDIPITA.COM
Fri Apr 16 16:19:51 IST 2004 

Rick Cooper wrote:

>
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>>Behalf Of Clive Eisen
>>Sent: Friday, April 16, 2004 9:19 AM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: MailScanner Internals
>>
>>
>>Rick Cooper wrote:
>>
>>
>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>>>>Behalf Of Clive Eisen
>>>>Sent: Friday, April 16, 2004 8:04 AM
>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>Subject: Re: MailScanner Internals
>>>>
>>>>
>>>>Julian Field wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>At 11:50 16/04/2004, you wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Julian - sorry to ask you directly but I suspect only you
>>>>>>
>>>>>>
>>will know the
>>
>>
>>>>>>answer :-)
>>>>>>
>>>>>>In what combination of circumstances is $message->{virusinfected} set?
>>>>>>
>>>>>>I have seen $message->{nameinfected} set and
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>$message->{othereinfected}
>>>>
>>>>
>>>>
>>>>
>>>>>>set, but never
>>>>>>$message->{virusinfected}
>>>>>>
>>>>>>I'm trying to write a custom function and am a bit puzzled.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>A quick grep of the code reveals that it is set in
>>>>>
>>>>>
>>>>>
>>>>>
>>>>SweepViruses.pm when a
>>>>
>>>>
>>>>
>>>>
>>>>>virus report is merged into the list of all the reports for a batch.
>>>>>--
>>>>>Julian Field
>>>>>www.MailScanner.info
>>>>>MailScanner thanks transtec Computers for their support
>>>>>
>>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>
>>>>>
>>>>>
>>>>>
>>>>Does that mean that it does not relate to an individual message?
>>>>
>>>>I have sent viruses and tried to check their value, including, following
>>>>the recomendations in the other reply to this thread, in  Always Looked
>>>>Up Last and it's still not set
>>>>
>>>>My point is - I cannot produce the circumstances when it is set or at
>>>>least, not during the processing of a given message at least.
>>>>
>>>>Ho Hum and thanks for your swift help.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>Note that MessageBatch.pm sets $message->{virusinfected} = 0; in sub
>>>DisinfectAndDeliver
>>>so it seems it would not still be set if used as an alwayslookuplast last
>>>since it appears that call is made in bin/MailScanner after all the other
>>>processing. What are you trying to do in the custom function? It might be
>>>you need to patch a call in from somewhere else to achieve what
>>>
>>>
>>you want to
>>
>>
>>>do.
>>>
>>>
>>>
>>>
>>I'm trying to ad  a header that differentiates between true viruses and
>>'disallowed file extensions', and I thought I could use
>>$message->{virusinfected}
>>$message->{nameinfected}
>>$message->{otherinfected}
>>
>>to figure it out, but so far , I can't
>>
>>
>>
>
>I have attached a patch I posted here some time ago that does that. It's a
>couple versions old so I don't know if it would apply but you can look at
>the code in the patch. It's a bit more complicated than just determining if
>the message is infected because there may be more than one message and more
>than one type as this is a per batch thing. The code I have attached will
>change the notice subject and header line to state what the problem(s) are
>rather than just virus warning for everything. If you want it to show
>something in the log add MailScanner::Log::InfoLog("Reject Reason is
>%s\n",$thisreason); after the following:
>
>
>     if ($message->{otherinfected} && $reasons !~
>/MailScanner::Config::LanguageValue($message, 'noticeother')/i){
>                $thisreason = MailScanner::Config::LanguageValue($message,
>'noticeother');
>                if ($reasons !~ /$thisreason/i){
>                        $reasons .= " ".MailScanner::Config::LanguageValue($message,
>'noticeother').":";
>                }
>
>Also note that the following would need to be appended to your
>reports/{language}/languages.conf file (where {language} is en, de, etc)
>
>NoticeVirus = Virus Detected
>NoticeFileName = Bad File Name Detected
>NoticeOther = Other Bad Content Detected
>NoticePrefix = The following e-mails were found to have
>
>If you just trying to add a X-header then you are going to have to tie into
>the same loop and use the same logic and add the headers in at that point. I
>haven't tested it but I think you would add the header after:
>
>  while(($postie,$notice) = each %notices) {
>    $email = $headers{$postie} . "\n" .
>
>in MessageBatch.pm
>
>But if you are filtering just use the patch and filter on the Noticexxx
>string in the subject. They will appear once per batch per problem in the
>adminwarning
>
>
Cheers - I'll give it a whirl - I still don't really understand why I
never get anything set in $message{virusinfected} though.

--
Clive

More information about the MailScanner mailing list