diff options
-rw-r--r-- | Mailman/Gui/Privacy.py | 8 | ||||
-rw-r--r-- | Mailman/Handlers/SpamDetect.py | 26 |
2 files changed, 25 insertions, 9 deletions
diff --git a/Mailman/Gui/Privacy.py b/Mailman/Gui/Privacy.py index c3f3d49e..2668140b 100644 --- a/Mailman/Gui/Privacy.py +++ b/Mailman/Gui/Privacy.py @@ -384,7 +384,13 @@ class Privacy(GUIBase): You can have more than one filter rule for your list. In that case, each rule is matched in turn, with processing stopped after - the first match.""")), + the first match. + + Note that headers are collected from all the attachments + (except for the mailman administrivia message) and + matched against the regular expressions. With this feature, + you can effectively sort out messages with dangerous file + types or file name extensions.""")), _('Legacy anti-spam filters'), diff --git a/Mailman/Handlers/SpamDetect.py b/Mailman/Handlers/SpamDetect.py index 6d6cce13..38d7f24d 100644 --- a/Mailman/Handlers/SpamDetect.py +++ b/Mailman/Handlers/SpamDetect.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2003 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2004 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -96,17 +96,27 @@ def process(mlist, msg, msgdata): # First do site hard coded header spam checks for header, regex in mm_cfg.KNOWN_SPAMMERS: cre = re.compile(regex, re.IGNORECASE) - value = msg[header] - if not value: - continue - mo = cre.search(value) - if mo: - # we've detected spam, so throw the message away - raise SpamDetected + for value in msg.get_all(header, []): + mo = cre.search(value) + if mo: + # we've detected spam, so throw the message away + raise SpamDetected # Now do header_filter_rules g = HeaderGenerator(StringIO()) g.flatten(msg) headers = g.header_text() + # TK: Collect headers in sub-parts because attachment filename + # extension may be a clue to possible virus/spam. + # Check also 'X-List-Administrivia' header if the message was owner + # notification. Held message may be attached and have matching header + # which may cause infinite loop of holding. + if msg.is_multipart() and not msg.get('x-list-administrivia',''): + for p in msg.walk(): + g = HeaderGenerator(StringIO()) + g.flatten(p) + headers = g.header_text() + headers = re.sub('\n+', '\n', headers) # remove extra cr + headers = re.sub('\n\s', ' ', headers) # connect multiline for patterns, action, empty in mlist.header_filter_rules: if action == mm_cfg.DEFER: continue |