| View previous topic :: View next topic |
| Author |
Message |
MasquedAvenger
Guru
Joined: 21 Aug 2003
Posts: 559
Location: Southern California
|
 Posted: Sat Apr 24, 2004 6:41 pm Post subject: Stripping attachments from mail in .maildir format |
 |
|
Hey everyone. I want to setup a procmail recipe to strip attachments from email and leave the messages themselves intact. Any ideas?
James |
|
| Back to top |
|
 |
devon
l33t
Joined: 23 Jun 2003
Posts: 943
|
| Posted: Sat Apr 24, 2004 7:09 pm Post subject: |
|
|
| What about MIMEDefang or AntiMIME? |
|
| Back to top |
|
|
MasquedAvenger
Guru
Joined: 21 Aug 2003
Posts: 559
Location: Southern California
|
| Posted: Sat Apr 24, 2004 8:37 pm Post subject: |
|
|
I'll have to look into those. They actually will delete the attachment rather than just rename the file, make it a different type of attachment, etc.?
By the way, sort of off topic, what I'm doing is using procmail to have ClamAV scan incoming mail, and if a virus is detected, rather than simply delete the entire email or move it to a quarantine folder, I will instead read the integer that ClamAV returns when it exits, and if it exits with the code that means there is a virus, I will strip the email of all attachments and append something to the subject of the email so that the message itself can still be read if the user so wishes.
James |
|
| Back to top |
|
|
devon
l33t
Joined: 23 Jun 2003
Posts: 943
|
| Posted: Sat Apr 24, 2004 10:42 pm Post subject: |
|
|
| MasquedAvenger wrote: | | They actually will delete the attachment rather than just rename the file, make it a different type of attachment, etc.? |
I don't know. I have never personally used them, but I remembered them when I was curious about stripping attachments.  |
|
| Back to top |
|
|
MasquedAvenger
Guru
Joined: 21 Aug 2003
Posts: 559
Location: Southern California
|
| Posted: Sun Apr 25, 2004 4:59 am Post subject: |
|
|
Oh ok. Well I guess I'll just have to look into it then Thanks for the references.
James |
|
| Back to top |
|
|
rocketchef
n00b
Joined: 08 Feb 2004
Posts: 24
|
| Posted: Sun May 02, 2004 11:04 am Post subject: |
|
|
Well, I did the following:
| Code: |
:0B
* ^Content-Type:.*name=.*\.exe
| /home/niels/skripte/deattach.pl
|
and this is my script:
| Code: |
#!/usr/bin/perl -w
use strict;
use Mail::Audit;
use Mail::Audit::Attach qw(Attach);
my $attachdir = '/home/niels/Mail/quarantine';
my $mail = Mail::Audit->new;
my $attachments = $mail->attachments || die "hier liegt der fehler\n";
foreach (@$attachments)
{
if ($_->mime_type eq 'application/x-msdownload' || $_->filename =~ m/\.exe$/ )
{
$_->save($attachdir);
$_->remove;
}
}
$mail->pipe('/usr/bin/procmail') || die "no procmail";
|
This is for MS .exe files only, change MIME types at will
HTH,
Niels |
|
| Back to top |
|
|
MasquedAvenger
Guru
Joined: 21 Aug 2003
Posts: 559
Location: Southern California
|
| Posted: Sun May 02, 2004 4:32 pm Post subject: |
|
|
That is really awesome. Thank you so much One question though: I'm not quite sure how to make this activate only if ClamAV exits with the return code that signifies the presence of a virus.
James |
|
| Back to top |
|
|
Little Nemo
l33t
Joined: 29 Mar 2004
Posts: 623
Location: Berlin, Germany
|
| Posted: Sun May 02, 2004 7:03 pm Post subject: |
|
|
| Yes, as always Perl is the (or at least an) answer. But as typically with Perl, "there's more than one way to do it". You could also call clamav from Perl to make sure the attachment you're dropping is the infected one. And of course ".exe" files are not the only bad attachments. |
|
| Back to top |
|
|
ahadley
n00b
Joined: 08 Jan 2004
Posts: 45
Location: UK
|
| Posted: Sun Feb 20, 2005 12:13 am Post subject: |
|
|
Sorry to drag up an old post like this but i am having problems with the perl script above, i get the following error:
Can't locate Mail/Audit.pm in @INC
Any help would be appreciated,
Thanks in advance,
Alex
_________________
Common sense is the collection of prejudices acquired by age eighteen.
Albert Einstein |
|
| Back to top |
|
|
ahadley
n00b
Joined: 08 Jan 2004
Posts: 45
Location: UK
|
| Posted: Sun Feb 20, 2005 12:36 am Post subject: |
|
|
Okay, sorry - am now installing the module with perl -MCPAN -e 'install Mail::Audit'... d'uh
Thanks,
and sorry for asking a stupid question
Alex
_________________
Common sense is the collection of prejudices acquired by age eighteen.
Albert Einstein |
|
| Back to top |
|
|
ahadley
n00b
Joined: 08 Jan 2004
Posts: 45
Location: UK
|
| Posted: Sun Feb 20, 2005 11:44 am Post subject: |
|
|
Well, I installed the perl module as required, and have procmail working, to a certain extent, but have 2 issues.
the first is with the above perl script, which freezes on the line:
| Code: | my $mail = Mail::Audit->new;
|
I know it is this line as i added many printf's to the file to debug it...
It just freezes here untill i get (from the log file):
| Code: | Timeout, terminating "/path/to/sortscript.pl"
|
Any help??
Thanks in advance,
Alex
_________________
Common sense is the collection of prejudices acquired by age eighteen.
Albert Einstein |
|
| Back to top |
|
|
rocketchef
n00b
Joined: 08 Feb 2004
Posts: 24
|
| Posted: Mon Jul 04, 2005 8:30 pm Post subject: |
|
|
Sorry this is really a late reply, you might already have found an answer, but anyway:
| Code: |
my $mail = Mail::Audit->new;
|
waits for a mail on stdin, so please use:
| Code: |
/path/to/my/script.pl < newmail.mail
|
where newmail.mail is a textfile in rfc format
hth,
Niels |
|
| Back to top |
|
|
MasquedAvenger
Guru
Joined: 21 Aug 2003
Posts: 559
Location: Southern California
|
| Posted: Thu Jul 07, 2005 5:51 pm Post subject: |
|
|
Thanks for the answer I actually went with amavisd-new for the virus scanning, but that's good information to know.
James
_________________
"There are no uninteresting things; only uninterested people." --G.K. Chesterton |
|
| Back to top |
|
|
|
Networking & Security
