<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi!<br>
<br>
I've been trying this to work too.<br>
<br>
I don't want clean emails above some size to be archived.<br>
<br>
Michael Scheidell's code is in 'before_send', but in that point
the disk archive is already written...<br>
<br>
The only way I got this sort of working wast to create a new
custom hook just before the disk archive gets written to disk:<br>
<br>
in method do_notify_and_quarantine (before line 15737):<br>
<br>
(...)<br>
my($hdr_edits) =
prepare_header_edits_for_quarantine($msginfo);<br>
<br>
#patch2 begin<br>
my($conn) = $msginfo->conn_obj;<br>
my($custom_object) = Amavis::Custom->new($conn,$msginfo);<br>
if (ref $custom_object) {<br>
my($which_section) = "custom-before_clean_quarantine";<br>
eval {<br>
@q_tuples=
$custom_object->before_clean_quarantine($conn,$msginfo,\@q_tuples);<br>
do_log(0, "[SELECTIVE ARCHIVE]: '" . Dumper(@q_tuples) );<br>
update_current_log_level(); 1;<br>
} or do {<br>
my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp
$eval_stat;<br>
do_log(-1,"custom before_clean_quarantine error: %s",
$eval_stat);<br>
};<br>
section_time($which_section);<br>
}<br>
#patch2 end<br>
if (@q_tuples) {<br>
<br>
(...)<br>
<br>
What i want to change is the @q_tuples, so there is no reference
there to disk quarantine.<br>
<br>
The plugin:<br>
<br>
package Amavis::Custom;<br>
#using amavisd-custom.conf;<br>
<br>
use strict;<br>
use Data::Dumper;<br>
use DBI qw(:sql_types);<br>
use DBD::mysql;<br>
my $__archive_quarantine_in;<br>
BEGIN {<br>
import Amavis::Conf qw(:platform :confvars c cr ca $myhostname <br>
@lookup_sql_dsn<br>
$sa_mail_body_size_limit);<br>
import Amavis::Util qw(do_log untaint safe_encode safe_decode);<br>
}<br>
<br>
sub new {<br>
my($class,$conn,$msginfo,$q_tuples) = @_;<br>
my($self) = bless {}, $class;<br>
my($conn_h) =
Amavis::Out::SQL::Connection->new(@lookup_sql_dsn);<br>
$self->{'conn_h'} = $conn_h;<br>
$self; # returning an object activates further callbacks,<br>
}<br>
<br>
sub before_clean_quarantine{<br>
my($self,$conn,$msginfo,$q_tuples) = @_;<br>
my($ll) = 0; # log level (0 is the most important level, 1,
2,... 5 less o)<br>
my($too_large) = $msginfo->msg_size >
$sa_mail_body_size_limit;<br>
my($is_clean) = $msginfo->is_in_contents_category( CC_CLEAN
);<br>
#$msginfo->is_in_contents_category(<br>
# {CC_SPAMMY,1, CC_SPAM,1, CC_BANNED,1,
CC_VIRUS,1} );<br>
<br>
do_log($ll, "[SELECTIVE ARCHIVE]: '" . $msginfo->mail_id
."'" );<br>
<br>
my($filename) = "/var/virusmails/".
substr($msginfo->mail_id,0,1)."/".$msginfo->mail_id.".gz"; <br>
if (-e $filename) {<br>
do_log($ll, "[SELECTIVE ARCHIVE]: file: '" . $filename ."'
exists" );<br>
<br>
}else{<br>
do_log($ll, "[SELECTIVE ARCHIVE]: file: '" . $filename ."'
does not exist" );<br>
} <br>
<br>
#message test start here!<br>
if($is_clean){<br>
if ($too_large)<br>
{<br>
do_log($ll, "[SELECTIVE ARCHIVE]: UNWANTED Clean
message too big (" . $msginfo->msg_size . "k >
".($sa_mail_body_size_limit/1024)."k) ");<br>
@$q_tuples=[]<br>
}<br>
else<br>
{<br>
do_log($ll, "[SELECTIVE ARCHIVE]: ".
Dumper($msginfo));<br>
}<br>
do_log($ll, "[SELECTIVE ARCHIVE]: Small Clean message (" .
$msginfo->msg_size . "k >
".($sa_mail_body_size_limit/1024)."k) OK");<br>
}<br>
else<br>
{<br>
do_log($ll, "[SELECTIVE ARCHIVE]: Message is not clean");<br>
}<br>
<br>
return @$q_tuples;<br>
<br>
<br>
<br>
}<br>
<br>
I don't know if "@$q_tuples=[]" is the best way of doing this, but
it works.<br>
There is one problem: "my($is_clean) =
$msginfo->is_in_contents_category( CC_CLEAN );" Does not work,
this instruction is always true even form spam messages...<br>
I suppose that in this spot in the code, that information is not
available yet?<br>
<br>
What is the best way of doing this?<br>
<br>
Thank you! <br>
<br>
<br>
On 07/20/2011 09:46 PM, Michael Scheidell wrote:<br>
</div>
<blockquote cite="mid:4E273EB0.2050400@secnap.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
I have a need to selectively NOT archive clean emails under
certain circumstances.<br>
we archive clean email on some servers, NOT because we want the
emails, but because we want to feed VIRGIN emails back to SA for
learning.<br>
(exchange mashes the emails and headers.. imap wasn't so bad, but
ews really mucks them up)<br>
HOWEVER, I do NOT want to archive CLEAN emails > 400K.<br>
(I still want to archive large viruses, attachments, and spam)<br>
<br>
I have (almost) got this down, but just need last step. sql
queries work, I can calculate size, read values, just want to
DISABLE archiving for LARGE clean emails (note: maybe I am doing
it in the wrong place, maybe I need a per-user loop.. since one
users clean is another users spam.. but then again, maybe the
flags are set on is_in_contents_category just fine)<br>
<br>
<br>
using amavisd-custom.conf<br>
<br>
use strict;<br>
use DBI qw(:sql_types);<br>
use DBD::mysql;<br>
my $__archive_quarantine_in;<br>
BEGIN {<br>
import Amavis::Conf qw(:platform :confvars c cr ca $myhostname
$clean_quarantine_method @lookup_sql_dsn<br>
$sa_mail_body_size_limit);<br>
import Amavis::Util qw(do_log untaint safe_encode safe_decode);<br>
}<br>
<br>
sub new {<br>
my($class,$conn,$msginfo) = @_;<br>
my($self) = bless {}, $class;<br>
my($conn_h) =
Amavis::Out::SQL::Connection->new(@lookup_sql_dsn);<br>
$self->{'conn_h'} = $conn_h;<br>
$self; # returning an object activates further callbacks,<br>
}<br>
<br>
sub before_send {<br>
my($self,$conn,$msginfo) = @_;<br>
my($ll) = 3; # log level (0 is the most important level, 1,
2,... 5 less so)<br>
my($too_large) = $msginfo->msg_size >
$sa_mail_body_size_limit;<br>
my($already_quarantined) =
$msginfo->is_in_contents_category(<br>
{CC_SPAMMY,1, CC_SPAM,1, CC_BANNED,1,
CC_VIRUS,1} );<br>
<br>
if ($too_large) {<br>
if(! $already_quarantined &&
$clean_quarantine_method =~ /sql:/) {<br>
do_log(0, "CUSTOM: UNWANTED = $msg_size"."k >
".($sa_mail_body_size_limit/1024)."k");<br>
# I want to NOT archive if it hits here.<br>
}<br>
}<br>
<br>
<div class="moz-signature">-- <br>
Michael Scheidell, CTO<br>
o: 561-999-5000<br>
d: 561-948-2259<br>
<font color="#999999">></font><font color="#cc0000"> <b>| </b></font>SECNAP
Network Security Corporation
<style type="text/css">
<!--
.unnamed1 {
margin: 1em;
padding: 1px;
} -->
</style>
<ul class="unnamed1">
<li>Best Mobile Solutions Product of 2011</li>
<li>Best Intrusion Prevention Product</li>
<li>Hot Company Finalist 2011</li>
<li>Best Email Security Product</li>
<li>Certified SNORT Integrator</li>
</ul>
</div>
<br>
<div id="disclaimer.secnap.com">
<hr>
<p>This email has been scanned and certified safe by
SpammerTrap®.
<br>
For Information please see
<a moz-do-not-send="true"
href="http://www.secnap.com/products/spammertrap/">http://www.secnap.com/products/spammertrap/</a></p>
<hr></div>
<br>
</blockquote>
<br>
</body>
</html>