1#!/bin/rc 2# validateattachment mboxfile 3rfork en 4upastmp=/mail/tmp 5# 6# exit status matching: 7# 8# *discard* - is really bad, refuse the message 9# *accept* - is really good, leave attachment alone 10# * - rewrite attachment to have .suspect extension 11# 12 13if(! ~ $#* 1){ 14 echo usage: validateattachment mboxfile >[1=2] 15 exit usage 16} 17 18echo validating >[1=2] 19fn save { 20 d=`{date -n} 21 cp body $upastmp/$d.$1 22 cp raw $upastmp/$d.$1.raw 23 whatis x >$upastmp/$d.$1.file 24} 25fn sigexit { 26 rm -f $upastmp/$d.$1^('' .raw .file) 27} 28 29upas/fs -f $1 30cd /mail/fs/mbox/1 31 32x=`{file body | sed s/body://} 33x=$"x 34switch($x){ 35case *Ascii* *text* *'c program'* *'rc executable'* 36 save accept 37 exit accept 38 39case *'zip archive'* 40 # >[2=1] because sometimes we get zip files we can't parse 41 # but the errors look like 42 # unzip: reading data for philw.doc.scr failed: ... 43 # so we can still catch these. 44 if(unzip -tsf body >[2=1] | grep -si ' |\.(scr|exe|pif|bat|com)$'){ 45 echo executables inside zip file! 46 exit discard 47 } 48 49case jpeg 'PNG image' bmp 'GIF image' *'plan 9 image'* 50 save accept 51 exit accept 52 53case *Microsoft* *Office* 54 save wrap 55 exit wrap 56 57case *MSDOS* 58 # no executables 59 echo $x 60 exit discard 61} 62 63save wrap 64exit wrap 65