#!/bin/rc
# validateattachment mboxfile
rfork en
upastmp=/mail/tmp
#
# exit status matching:
#
# *discard* - is really bad, refuse the message
# *accept* - is really good, leave attachment alone
# * - rewrite attachment to have .suspect extension
#
if(! ~ $#* 1){
echo usage: validateattachment mboxfile >[1=2]
exit usage
}
echo validating >[1=2]
fn save {
d=`{date -n}
cp body $upastmp/$d.$1
cp raw $upastmp/$d.$1.raw
whatis x >$upastmp/$d.$1.file
}
fn sigexit {
rm -f $upastmp/$d.$1^('' .raw .file)
}
upas/fs -f $1
cd /mail/fs/mbox/1
x=`{file body | sed s/body://}
x=$"x
switch($x){
case *Ascii* *text* *'c program'* *'rc executable'*
save accept
exit accept
case *'zip archive'*
# >[2=1] because sometimes we get zip files we can't parse
# but the errors look like
# unzip: reading data for philw.doc.scr failed: ...
# so we can still catch these.
if(unzip -tsf body >[2=1] | grep -si ' |\.(scr|exe|pif|bat|com)$'){
echo executables inside zip file!
exit discard
}
case jpeg 'PNG image' bmp 'GIF image' *'plan 9 image'*
save accept
exit accept
case *Microsoft* *Office*
save wrap
exit wrap
case *MSDOS*
# no executables
echo $x
exit discard
}
save wrap
exit wrap
|