At 09:09 2004-05-13 +0200, Oliver Thiele wrote:
> [snip]
> X-Priority: 3))))))))
> Content-Type: multipart/mixed;
> boundary="------------030707050102000900040404"
> X-Virus-Status: Failed
> X-Virus-Report: clamscan error 127
> X-SpamBouncer: 1.9 (3/28/04)
> X-SBStop: Netsky-P Virus/Worm
> X-SBClass: Virus
> X-Folder: Virus
> (body discarded)
> --
> So what did I do wrong? Is something broken in the Content-Type or
> boundary section?
YOU ARE STILL RETAINING THE ORIGINAL MESSAGE HEADERS *AS* THE *NEW* MESSAGE
HEADERS. THE MIME HEADERS ARE CONFUSING YOUR MUA.
Let me bottom line it for you: this is a stupid way to send a virus
notification. The way you're doing it, besides retaining MIME stuff that
doesn't belong (and which causes grief with your MUA), you make it appear
to be from the original sender (rather than a "VirusAlert@yourdomain.tld"
account or similar), it bears the original subject (rather than "OMG some
dumbfsck sent you a virus!" or similar), AND it bears the original
datestamp, messageid, and received history, plus all the other cruft in the
original headers.
Thus far, I've seen no evidence that you simply used the recipe material I
directed you to in the list archives. I *KNOW* those work - I get scores
of functional virus advisories every day.
My advice: start with something that works, and when you actually
understand how it works, THEN dick with it. This goes trebly for anything
you're doing on a server-wide level. Mucking up other people's email isn't
good.
Although the two URLs I previously supplied contained quite a bit of
commentary, let me add a bit more:
# this assumes that the variable VIRUSNAME would have been set at some point
# prior to indicate the name of the virus/malware, and will be empty
# otherwise. *I* happen to use it in the construction of the subject later,
# but you could simply use "TRUE" or "YES" or whatever by setting it after
# your virus scan returns a positive.
:0
* ! VIRUSNAME ?? ^^^^
{
# assuming you're running this from /etc/procmailrc, and haven't
# properly tested everything in a sandbox first, let's preserve a
# copy DURING TESTING PHASE
:0c:
/etc/procmailrcs/quarantine/virus.mbx
# truncate the body
# like, just what it says - except the original headers are
# presently still intact as the headers of this message. That
# includes mime stuff. 'b' because we're filtering the body, 'f'
# because we're filtering, and 'i' because the nature of this filter
# doesn't much care about reading the input, so we need to ignore the
# error which procmail would otherwise detect because the body wasn't
# read on stdin.
:0bfi
| echo "(body discarded)"
# cannot reply to the sender because it is probably forged.
# (given crap like Klez and SnoWhite), so just
# send advisory to the listadmin.
# BOUNCER is the admin address. In your case, you might rather
# set BOUNCER to $LOGNAME first, which would simply address it to
# whomever would have been receiving THIS message in the first place.
# The REPLYTO and BOUNCER variables are separate because the
# bouncer.rc file is constructed such that it might send something
# to the sender of a message and/or to the recipient (which for the
# original purpose of the script was a listadmin).
BOUNCER=NoReply+VirusScanner@host.yourdomain.tld
REPLYTO=$LOGNAME
# this is a filename which the bouncer.rc will tack into the
# new body above the original message headers. It's intended to
# contain an explanatory text for the recipient, advising them that
# what follows is the headers of the original virus message...
BOUNCEMSG=virus.msg
# see, here's where I employ the VIRUSNAME variable. You could
# instead simply set this to "Virus rejected"
BOUNCESUBJ="virus rejected [$VIRUSNAME]"
#--------------------------------------------------------------
# follows is a very basic condensation of the bouncer.rc script:
# if you read the messages in the archive I previously posted
# URLs to, all these variables should be *THOROUGHLY* documented
LOG="BOUNCE: $FILTER_ID - $BOUNCESUBJ
BOUNCE: To: $REPLYTO$NL"
:0
| (sed -e '1d' | cat $AUTOREPLY/$BOUNCEMSG - | \
formail -I "Subject: [ADVISORY] $BOUNCESUBJ" \
-I "To: $REPLYTO" \
-I "X-Loop: ${PROCESS}-${LOOPALERT}" \
-I "From: $BOUNCER") | $SENDMAIL -t -f $BOUNCER
#--------------------------------------------------------------
}
The key thing to note there is how the message is delivered via a pipeline:
| ( sed -e '1d' | cat <something> - | formail <options> ) $SENDMAIL
The sed passes the original message minus the heading From line (headers
plus the already truncated body) to cat, which FIRST emits the advisory
textfile, THEN its own STDIN (that's what the hyphen is) - this places the
original message HEADERS below the advisory textfile - all this is then
piped to formail which generates a fresh set of headers (WITH NO MIME STUFF
INAPPROPRIATE TO YOUR NEW MESSAGE), and the lot is passed along to sendmail
to be inserted into the mail delivery to the designated user.
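As an added illustration (not Sean's recipe and not procmail's or formail's own code), the following shell script reproduces that pipeline outside procmail so the result can be inspected. The message, advisory text and addresses are constructed samples, and formail's header generation is replaced by a printf stand-in (fresh_headers), since the point is to see that the rebuilt message's header block contains only what the advisory needs while the original headers, MIME declarations included, are demoted into the body.

```shell
#!/bin/sh
# Added example, not from the list post: a stand-alone reproduction of the
# "sed -e '1d' | cat advisory - | formail ..." pipeline so the result can be
# inspected without procmail or formail. formail's header generation is
# replaced by a printf stand-in (fresh_headers); the sample message,
# advisory text and addresses are constructed for the demonstration.

ORIGMSG=$(mktemp)
ADVTXT=$(mktemp)
trap 'rm -f "$ORIGMSG" "$ADVTXT"' EXIT

# Constructed sample: the message as it leaves the :0bfi recipe, with the
# mbox "From " line, the original (MIME-laden, forged) headers, and the body
# already replaced by "(body discarded)".
cat >"$ORIGMSG" <<'EOF'
From worm@example.invalid Thu May 13 09:09:00 2004
From: "Forged Sender" <worm@example.invalid>
To: victim@yourdomain.tld
Subject: Re: Your document
Message-ID: <constructed-id@example.invalid>
Content-Type: multipart/mixed;
 boundary="------------030707050102000900040404"
X-Virus-Status: Failed

(body discarded)
EOF

# Constructed advisory text, playing the role of $AUTOREPLY/$BOUNCEMSG.
cat >"$ADVTXT" <<'EOF'
The message whose headers follow was discarded because it carried a virus.
Do not answer the sender; the address is almost certainly forged.

EOF

# Values the recipe sets before the pipeline runs (constructed here).
BOUNCER='NoReply+VirusScanner@host.yourdomain.tld'
REPLYTO='postmaster@yourdomain.tld'
BOUNCESUBJ='virus rejected [Netsky-P]'
XLOOP='virusscan-loopalert'

# Stand-in for formail -I: emits only the headers the advisory needs, one
# blank line, then whatever arrives on stdin as the body. Nothing from the
# original message can reach the new header block this way.
fresh_headers() {
    printf 'From: %s\n' "$BOUNCER"
    printf 'To: %s\n' "$REPLYTO"
    printf 'Subject: [ADVISORY] %s\n' "$BOUNCESUBJ"
    printf 'X-Loop: %s\n' "$XLOOP"
    printf '\n'
    cat
}

# The pipeline from the recipe: drop the mbox "From " line, put the advisory
# text first and the original message (headers plus truncated body) after
# it, then wrap the lot in fresh headers. What the recipe would hand to
# "$SENDMAIL -t" is written to stdout instead.
build_advisory() {
    sed -e '1d' "$1" | cat "$2" - | fresh_headers
}

# Helpers for inspection: the new header block (up to the first blank line)
# and the new body (everything after it).
advisory_headers() {
    build_advisory "$ORIGMSG" "$ADVTXT" | sed -e '/^$/q'
}
advisory_body() {
    build_advisory "$ORIGMSG" "$ADVTXT" | sed -e '1,/^$/d'
}

# Print the rebuilt message when run directly.
build_advisory "$ORIGMSG" "$ADVTXT"
```

Running it prints the rebuilt message: four fresh headers above the blank line, then the advisory text, then the original headers (Content-Type, boundary, forged From and Message-ID) sitting harmlessly in the body where a MUA treats them as text. The X-Loop header follows procmail's usual convention for marking generated mail so a later recipe can recognise its own output.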
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail@lists.RWTH-Aachen.DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail