Paul O Bartlett <pobart(_at_)access(_dot_)digex(_dot_)net> writes:
Because I know even less perl than procmail, I will have to study
this one for a while. I did want to acknowledge your kind solution to
the first part right away.
I suggest just running that snippet of perl on various files and
seeing what it returns. If you don't have perl availible, you can
instead substitute a small shell script that decides on the file
suffix, say:
#!/bin/sh
case $1 in
*.zip|*.exe|*.com|*.gif) exit 0;; # binary
esac
exit 1
You'll want to add some more endings to the above. Assuming that the
shell script was named test-binary, then the condition line would say:
* ? /the/directory/you/put/it/in/test-binary $FILE
BTW: I'm now sure that you can leave out the '$' before the '?'.
BTW2: I failed in my previous post to catch a security hole in your
setup. Someone could request a filename with ';' or '&' in it and
cause an arbitrary program to be run. I'd *STRONGLY* suggest limiting
filenames to just alphanumerics, period, dash and underbar. This is
most easily done in the condition that extracts the filename, changing
* ^Subject: +get +file +\/[^ ]+
to read
* ^Subject: +get +file +\/[-a-z0-9_.]+
Note that an earlier condition in your setup which checked for [a-z0-9]
is _not_ adequate, as that only required one character in the filename
to be alphanumeric. Making the check during the extraction is by far
the best place to do it.
You suggest using base64 encoding rather than uuencode. All the
files in my ftp lib are either straight text files, which need no
encoding, or MS-DOS binary files of one kind or another. I could be
wrong, but my observation seems to be that MD-DOS'ers are less familiar
with base64 than with uuencode. On newsgroups, I have seen far more
inquiries, What is base64???, than I have seen, What is uuencode??? In
fact, I'm not sure I even have a base64 coder for MS-DOS myself. That
is why I said uuencode. (In fact, my ftp lib has a self-extracting
ASCII-but-executable uudecoder in it, courtesy of Jim Tucker's NETRUN
program.)
In that case, by all means use uuencode. I'd be tempted to let the
user make the choice, changing the request Subject: header to say:
Subject: get file mime foo
or
Subject: get file uuencode foo
You would need to add "(mime|uuencode) +" to a couple of the regexps,
then where my previous post started, say:
...
FILE=$MATCH
LOG=$WHOFROM
:0 a
{
:0
* ^Subject: +get +file +uuencode
{
# You can sub the test-binary condition for the perl below
# if wanted.
:0 h
* ? perl -e "exit(-T '$FILE')"
| (cat -; uuencode ./$FILE $FILE ) | $SENDMAIL -oi -t
:0 h
| cat - ./$FILE | $SENDMAIL -oi -t
}
:0 E
{
# That big chunk from my previous post, indented another level
...
}
}
}
Philip Guenther