From: Sebastian W. <seb...@wo...> - 2006-12-21 22:16:14
|
Hi, I have a rather strange question about amavis which you guys hopefully might be able to answer. Is there a way of changing the way amavis splits up mails to different parts? The reason why I am asking is I would like to test the behaviour of a particular virus scanner when it comes to special file names. Consider the following example (excerpt from a test mail): [ ... ] Message-Id: <20061218221543.94B527ED5@localhost.localdomain> This is a multi-part message in MIME format. --_----------=_116673842188290 Content-Disposition: inline Content-Length: 16 Content-Transfer-Encoding: binary Content-Type: text/plain Test JPG --_----------=_116673842188290 Content-Disposition: attachment; filename="test1234.jpg" [ ... ] What I need to do is to pass on the *exact* filename as defined in this section (here: test1234.jpg) to the virus scanner (without any tampering by amavis). Is there any way to make amavis behave like this? Thank you very much. Best regards, Sebastian Wolfgarten |
From: Mark M. <Mar...@ij...> - 2006-12-22 00:03:19
|
Sebastian, > I have a rather strange question about amavis which you guys hopefully > might be able to answer. Is there a way of changing the way amavis > splits up mails to different parts? > The reason why I am asking is I would like to test the behaviour > of a particular virus scanner when it comes to special file names. > Consider the following example (excerpt from a test mail): > Message-Id: <20061218221543.94B527ED5@localhost.localdomain> > Content-Disposition: attachment; filename="test1234.jpg" > What I need to do is to pass on the *exact* filename as defined in this > section (here: test1234.jpg) to the virus scanner (without any tampering > by amavis). Is there any way to make amavis behave like this? I'll try to answer for amavisd-new: when mail is split up to parts, these parts are stored to files with generated names, regardless of what the 'suggested' file name in MIME type or archive member name says. These generated filenames are always named p001, p002, etc, which is also what each virus scanner sees. The original (suggested) file names in all their forms are available for 'banned' checks, but are never given to AV or spam scanners in their original form. I guess this is not the answer you are looking for. It is currently not possible with amavisd-new to give original file names to decoded parts (without modifying code) - for various reasons: there may be multiple possible file names available for each part (e.g. MIME: 'filename' and 'name' attributes), there may be a raw as well as encoded file name interpretations, or suggested file name may not be representable on a given file system (e.g. too long or using 'reserved' characters like '/' or null, which could be misinterpreted by a virus scanner). One reason is also security, although this one is less important now when there is no chance a shell would see decoded parts. Mark |