Feature request : Dangerous Content Scanning option

Julian Field mailscanner at ecs.soton.ac.uk
Thu May 27 18:58:09 IST 2004


This strikes as rather dangerous. You first code patch will disable the
check for partial messages (among other things). Not checking for partial
messages will let viruses through that are present in multi-part messages.
I wouldn't advise anyone to switch off that check.
I think you need to be rather more careful about what checks any option
like this might disable.

At 18:29 27/05/2004, you wrote:
>Hi Julian,
>
>Fantastic work!
>
>Any chance of something along the following lines? (not tested, sorry!)
>
>diff -urN MailScanner-4.31.2/lib/MailScanner/ConfigDefs.pl
>MailScanner-4.31.2.DCscan/lib/MailScanner/ConfigDefs.pl
>--- MailScanner-4.31.2/lib/MailScanner/ConfigDefs.pl    2004-05-22
>13:12:49.000000000 +0100
>+++ MailScanner-4.31.2.DCscan/lib/MailScanner/ConfigDefs.pl     2004-05-26
>20:13:36.000000000 +0100
>@@ -70,6 +70,7 @@
>  contentprependsubject          = contentmodifysubject
>  contentsubjecttext             = contentsubjecttext
>  criticalqueuesize              = maxnormalqueuesize
>+dangerscan                     = dangerouscontentscanning
>  deletedcontentmessage          = deletedbadcontentmessagereport
>  deletedfilenamemessage         = deletedbadfilenamemessagereport
>  deletedvirusmessage            = deletedvirusmessagereport
>@@ -288,6 +289,7 @@
>  DeliverSilent          1       no      0       yes     1
>  deliverunparsabletnef  0       no      0       yes     1
>  deliverymethod         batch   batch   batch   queue   queue
>+DangerScan             1       no      0       yes     1
>  EnableSpamBounce       0       no      0       yes     1
>  findarchivesbycontent  1       no      0       yes     1
>  HamActions             deliver deliver deliver
> delete  delete  store   store                                   forward
> forward     bounce  bounce
>    striphtml striphtml
>                                 attachment      attachment      notify
> notify
>diff -urN MailScanner-4.31.2/lib/MailScanner/SweepContent.pm
>MailScanner-4.31.2.DCscan/lib/MailScanner/SweepContent.pm
>--- MailScanner-4.31.2/lib/MailScanner/SweepContent.pm  2004-05-22
>13:12:51.000000000 +0100
>+++ MailScanner-4.31.2.DCscan/lib/MailScanner/SweepContent.pm   2004-05-26
>20:36:07.000000000 +0100
>@@ -81,6 +81,7 @@
>
>    while(($id, $message) = each %{$batch->{messages}}) {
>      next if $message->{deleted};
>+    next unless MailScanner::Config::Value('dangerscan', $message);
>      $ent = $message->{entity};
>
>      # Search for multipart/partial messages. This is entity-based as
>diff -urN MailScanner-4.31.2/lib/MailScanner/SweepOther.pm
>MailScanner-4.31.2.DCscan/lib/MailScanner/SweepOther.pm
>--- MailScanner-4.31.2/lib/MailScanner/SweepOther.pm    2004-01-31
>15:11:23.000000000 +0000
>+++ MailScanner-4.31.2.DCscan/lib/MailScanner/SweepOther.pm     2004-05-26
>20:34:52.000000000 +0100
>@@ -106,6 +106,8 @@
>
>        next unless defined $message; # Should be a message for all
> .header files
>
>+      unless MailScanner::Config::Value('dangerscan', $message);
>+
>        my @headers = <$headerfh>;
>
>
>        #print STDERR "Checking for Happy virus in $DirEntry ($id)\n";
>@@ -331,6 +333,9 @@
>    while(($id, $attachtypes) = each %$FileOutput) {
>      next unless $id;
>      $message = $batch->{messages}{$id};
>+
>+    next unless MailScanner::Config::Value('dangerscan', $message);
>+
>      $tnefname = $message->{entity2file}{$message->{tnefentity}};
>
>      my($i, $MatchFound, $FiletypeRules, $LogTypes);
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list