extract all images from spam folder?

Glenn Steen glenn.steen at gmail.com
Tue Feb 6 10:31:13 CET 2007


On 06/02/07, Chris Yuzik <itdept at fractalweb.com> wrote:
> Glenn Steen wrote:
> > A) Don't quarantine the queue files, let MS save the rfc822 format
> > message file and all attachments... Kind of makes this excercise
> > almost too simple:-).
> > B) Use MailWatch (which happen to need the above settings anyway, so
> > you can look it up there:-).
> Glenn,
>
> I presume you mean this section of MailScanner.conf?
>
>     # When you quarantine an entire message, do you want to store it as
>     # raw mail queue files (so you can easily send them onto users) or
>     # as human-readable files (header then body in 1 file)?
>     Quarantine Whole Messages As Queue Files = no
>
> This is what I've already got, and it doesn't store the queue files but
> a single file containing the header, body, and any mime encoded attachments.
Ah good.

> I'd like a quick way to extract all of those mime attachments for
> analysis and testing (with things like FuzzyOCR).
>
> The interesting part is that MS already seems to store virus-infected
> messages with the attachments as separate files. Is there a way to get
> spam stored the same way?
>
> Any ideas?
Yes, I didn't think that through entirely... It involving the spam
quarantine too, which is just the rfc822 message file, as you say.
Unpacking this into its constituent parts could be done in a number of
ways... If you have MailWatch too, you'd see that this already does
this "unpacking" on the fly when you inspect a spam message (look at
the details page of the message, click on the filename at the bottom).
Using that will have the good thing with it that you are already using
a program capable of displaying the information (your browser:).
Or you could feed the file through mimencode (metamail package)...
Might need a bit of scripting... Or better yet, get ripmime
(http://www.pldaniels.com/ripmime/) and script around that.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list