Re: [hypermail] Avoiding archiving viral content

From: Daniel Stenberg <>
Date: Mon, 25 Jun 2001 15:29:42 +0200 (MET DST)
Message-ID: <>

On Fri, 22 Jun 2001, Scott Rose wrote:

(I do second Darryl Lee's mail about using pipes, we don't need to invent wheels.)

> I'd like to avoid archiving viruses as attachments. We run several
> hundred hypermail lists, and everytime there is another outbreak of
> virus, there is the need to go into the archives and crudely hack out the
> offending attachments. Since it's so painful to remove entire messages,
> my practice has been to just rm the attachments, but I still get
> complaints from users who don't realize that cleanup has been performed.
> Best would be to prevent archiving this stuff in the place of firstness.

Exactly. That is *before* storing the mail or passing it to hypermail.

> I had high hopes for the ignore_types option. But ignore_types is based
> upon the MIME type of the attachment, which is set by the sending client.
> Not good enough. My Netscape mailer, for example, sends .vbs attachments
> as video/mpeg (for reasons unknown and apparently unknowable), and I'm
> not even *trying* to circumvent the mechanism.

Well, the MIME type is defined in the MIME standards to define the type of the attachment. Thus, hypermail use that.

> My next idea is to add my own code to reject attachments based upon
> filename extension. That would work, but one is reluctant to create yet
> another local fork of hypermail, and I dream that others have found a way
> to work this issue using facilities already present in hypermail.

First, you adding code doesn't mean you fork. You could provide us with a patch and it might get added to the main sources.

Also, keeping a patch (even if it wouldn't be added in the main sources) could be useful as it could be applied to upcoming releases too, as long as the logic doesn't change too much.

However, ignoring attachments based on file name extensions seem very error prone and without much use. Aren't virus authors more clever than that?

Personally, I always store the mails and when occationally I receive a virus to an archive, I remove it from the mailbox and rerun hypermail on it.

> OASDN, configuring hypermail to ignore MIME types isn't as much fun as I
> thought it would be. I am loathe to put the list of offending types into
> a .hmrc file because I want to let users control details of their
> archives themselves. What would be neato would be if there could be a
> hierarchy of config files, perhaps implemented via an include command.

I agree with that. It wouldn't even be hard.

> Instead, I hacked setup.c to set a value. Another little fork in the
> road.

Not a fork, just a customisation.

      Daniel Stenberg - - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
Received on Mon 25 Jun 2001 03:37:10 PM GMT

This archive was generated by hypermail 2.2.0 : Thu 22 Feb 2007 07:33:53 PM GMT GMT