m-filter

Filerting Mails (Ver 0.5, Nov, 2000 - May 2002, written by T. OSHIMA)

m-filter is a filter program which reads a data from stdin, filters it and outputs the resulting data to stdout or calls a program with putting the data into its stdin. The purpose of the filtering is to remove virus from mails under the operation of a mailing list. Note that now the virus gives false information in the mail header such as From:/To: fields and also the false content type.

The program removes attached files or parts in HTML from the mail with multipart (which has attached files or HTML format) according to the indication.

It has the following functions which are suitable for the operation of mailing lists.

Attached files are removed according to its extension. The extensions to be allowed or the extensions to be removed can be indicated. The filename in the mail may be encoded in MIME format.
The parts of the content type text/html are removed (ON/OFF).
The parts of the indicated content type are removed or allowed.
A continuous quoted lines exceeding an indicated limit are removed.
Reply-To: in the mail header can be appended at the end of the mail.
The list of indicated extensions and content types can be read from a file.
The cases are ignored in the pattern maching for extensions and key words written in small characters such as boundary= .
m-filter inserts a message for a deleted part and the delated part can be kept in a log file.
m-filter corresponds to smrsh. Under smrsh with sendmail, m-filter can give a filtered data to the indicated program such as the program for mailing lists.

m-filter can be generated from its source in C

>gcc -O -o m-filter m-filter.c

Under Visual C

>cl -O m-filter.c

Default setting:: 1. Content types which are denied.
text/html; 2. Content types which are allowed.
text/plain, text/rfc822, message/plain, message/rfc822; 3. Extensions to be allowed.
c, h, dif, patch, gz, lzh, zip, tar, tgz, tan, pl, pk, tex, dvi, tfm, sty, dtx, txt, doc, xls, htm, html, log, ps, eps, jpg, gif, bmp, pdf, wmf, emf, png, tif, tiff, jpeg; 4. Extensions to be denied.
exe, com, cmd, bat, pif, scr, vbs, lnk

Checking the each content type of a mail with multipart, m-filter removes the part if it has a denied content type (it is text/html, which is canceled by and -w option) and then output the part if it has an allowed content type.

In the remaining parts, the attached files are allowed only if the extensions of the attached files are allowed and the other attached files are removed.

-x If this option is indicated, the attached files with denied extension are removed and the other attached files are allowed.

-m If this optiuon is indicated, the nesting of multiparts are allowed up to three stages. The nesting of multiparts (exceeding this lebel) are removed.

-u The uuencoded parts are allowed.

-r If Reply-To: is written in the mail header, it is remarked at the end of the mail.

-q<num> If this option is indicated and the lines begining with the character '>' continues more than <num> lines, the exceeding lines are removed. The default of <num> equals 10 and it is indicated such as -q15.

If some parts are removed, some comments are inserted. On the other hand, if -i option is indicated, no parts are removed but some comments are inserted for the parts to be removed.

-o=<log_file> The delated parts are kept to the indicated file togeter with the data of Date: and From: from the mail header.

-p=<program> <parameters> This option should be indicated at the last. m-filter executes <program> with the parameter <parameters> and puts the filtered data to the stdin of the program. <program> should exists in the same directory where the executed m-filter exists. (This is from the view point of the sequrity as in smrsh.)

Recently under ReadHat Linux, sendmail uses smrsh and then in the setting in aliases or the setting in an included file indicated by aliases, the pipe from m-filer to other program cannot be written. Hence this option should be used. The following setting is an example of the included file to use m-filter and fml which is a program to operates mailing lists.

"|/usr/local/bin/m-filter -m -q -o=/var/spool/ml/elena/delete.log
-p=/usr/local/fml/fml.pl /var/spool/ml/elena"

Here it is assumed that fml works if m-filtes is not used under

"|/usr/local/fml/fml.pl /var/spool/ml/elena"

Note that the settings such as

ln -s /usr/local/fml/fml.pl /usr/adm/sm.bin/
ln -s /usr/local/bin/m-filter /usr/adm/sm.bin/

are necessary.

The above setteing is equal to the following without smrsh.

"|/usr/local/bin/m-filter -m -q -o=/var/spool/ml/elena/delete.log
|/usr/local/fml/fml.pl /var/spool/ml/elena"

@<file>　The parameter file is indicated where the content types to be allowed/denied, the extensions of attached files to be allowed/denied and the file where the deleted parts are kept are written. Then the default setting (cf. m-filter.dat) is replaced by this.
In the file, the parameter are written separated by the key words of the items #ALLOW_TYPE, #DENY_TYPE, #ALLOW_EXT, #DENY_EXT, #DELETE_LOG, #END such as

#ALLOW_TYPE
text/plain message/rfc822
#ALLOW_EXT
gz ps jpg tgz
pdf tif lzh zip
#DELETE_LOG=/usr/local/log/m-filter.log

The lines begining with a character ; are ignored.

It is better to check as follows before the real usage of m-filter.

>cat <a mail> | m-filter <parameters> | less

Return to Programs and Utility