m-filter

Filtering Mails (Ver 0.5, Nov, 2000 - May 2002, written by T. OSHIMA)
m-filter is a filter program that reads data from stdin, filters it, and either writes the result to stdout or runs a program with the result on its stdin. The purpose of the filtering is to remove viruses from mail handled by a mailing list. Note that viruses now put false information in the mail header, such as the From:/To: fields, and also give a false content type.

According to the options given, the program removes attached files or HTML parts from multipart mail (mail that has attached files or is in HTML format).
It has the following functions, which are suited to the operation of mailing lists.

m-filter can be built from its C source:
>gcc -O -o m-filter m-filter.c
Under Visual C:
>cl -O m-filter.c

Default setting:

1. Content types which are denied.
text/html

2. Content types which are allowed.
text/plain, text/rfc822, message/plain, message/rfc822

3. Extensions to be allowed.
c, h, dif, patch, gz, lzh, zip, tar, tgz, tan, pl, pk, tex, dvi, tfm, sty, dtx, txt, doc, xls, htm, html, log, ps, eps, jpg, gif, bmp, pdf, wmf, emf, png, tif, tiff, jpeg

4. Extensions to be denied.
exe, com, cmd, bat, pif, scr, vbs, lnk

m-filter checks the content type of each part of a multipart mail: it removes the part if it has a denied content type (it is text/html, which is canceled by and -w option) and then outputs the part if it has an allowed content type.

Among the remaining parts, an attached file is allowed only if its extension is allowed; all other attached files are removed.

-x If this option is given, attached files with a denied extension are removed and the other attached files are allowed.

-m If this option is given, nesting of multiparts is allowed up to three levels. Multiparts nested beyond this level are removed.

-u The uuencoded parts are allowed.

-r If Reply-To: is written in the mail header, it is remarked at the end of the mail.

-q<num> If this option is given and lines beginning with the character '>' continue for more than <num> lines, the excess lines are removed. The default value of <num> is 10; another value is given as, for example, -q15.

If some parts are removed, some comments are inserted. On the other hand, if the -i option is given, no parts are removed, but comments are inserted for the parts that would have been removed.

-o=<log_file> The deleted parts are saved to the given file together with the Date: and From: data from the mail header.

-p=<program> <parameters> This option must be given last. m-filter executes <program> with the parameters <parameters> and feeds the filtered data to the program's stdin. <program> must exist in the same directory as the m-filter executable. (This is for security reasons, as with smrsh.)

Recently, under Red Hat Linux, sendmail uses smrsh, so a pipe from m-filter to another program cannot be written in aliases or in an include file referenced from aliases. Hence this option should be used. The following is an example of an include file that uses m-filter with fml, a program that operates mailing lists.

"|/usr/local/bin/m-filter -m -q -o=/var/spool/ml/elena/delete.log
-p=/usr/local/fml/fml.pl /var/spool/ml/elena"

Here it is assumed that, when m-filter is not used, fml works with

"|/usr/local/fml/fml.pl /var/spool/ml/elena"

Note that the settings such as

ln -s /usr/local/fml/fml.pl /usr/adm/sm.bin/
ln -s /usr/local/bin/m-filter /usr/adm/sm.bin/

are necessary.

The above setting is equivalent to the following without smrsh.

"|/usr/local/bin/m-filter -m -q -o=/var/spool/ml/elena/delete.log
|/usr/local/fml/fml.pl /var/spool/ml/elena"

@<file>@ The parameter file is given here. It contains the content types to be allowed/denied, the extensions of attached files to be allowed/denied, and the file where the deleted parts are kept. The default setting (cf. m-filter.dat) is then replaced by it.
In the file, the parameters are written under the keywords #ALLOW_TYPE, #DENY_TYPE, #ALLOW_EXT, #DENY_EXT, #DELETE_LOG, #END, for example:
#ALLOW_TYPE
text/plain message/rfc822
#ALLOW_EXT
gz ps jpg tgz
pdf tif lzh zip
#DELETE_LOG=/usr/local/log/m-filter.log

Lines beginning with the character ; are ignored.
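
The extension rule (default mode versus -x) applied to a parameter file in the format above, as an added example that is not m-filter's own source. The functions listed() and keep_attachment(), the case-insensitive comparison, the use of the text after the last dot, and the sample parameter text are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>  /* strncasecmp (POSIX) */

/* Constructed parameter text in the page's format; extensions taken from the page. */
static const char *PARAMS =
    "#ALLOW_EXT\n"
    "; doc xls\n"
    "gz ps jpg tgz\n"
    "pdf tif lzh zip\n"
    "#DENY_EXT\n"
    "exe com cmd bat pif scr vbs lnk\n"
    "#END\n";

/* Return 1 if ext is listed under the given section keyword, else 0. */
int listed(const char *params, const char *section, const char *ext) {
    int in = 0;
    const char *p = params;
    while (*p) {
        size_t len = strcspn(p, "\n"), n;
        const char *q = p, *end = p + len;
        if (*p == '#')                     /* a keyword line opens a new section */
            in = strlen(section) == len && strncmp(p, section, len) == 0;
        else if (in && *p != ';')          /* lines beginning with ';' are ignored */
            while (q < end) {
                while (q < end && isspace((unsigned char)*q)) q++;
                for (n = 0; q + n < end && !isspace((unsigned char)q[n]); n++) ;
                if (n && n == strlen(ext) && strncasecmp(q, ext, n) == 0) return 1;
                q += n;
            }
        p = end + (*end == '\n');
    }
    return 0;
}

/* Decide on the text after the last dot (assumption). Returns 1 = keep, 0 = remove. */
int keep_attachment(const char *params, const char *name, int x_mode) {
    const char *dot = strrchr(name, '.'), *ext = dot ? dot + 1 : "";
    if (x_mode) return !listed(params, "#DENY_EXT", ext);  /* -x: deny list only */
    return listed(params, "#ALLOW_EXT", ext);              /* default: allow list only */
}

int main(void) {
    const char *names[] = {"paper.pdf", "SETUP.EXE", "photo.jpg.exe", "notes.xyz"};
    for (int i = 0; i < 4; i++)
        printf("%-14s default=%d -x=%d\n", names[i],
               keep_attachment(PARAMS, names[i], 0), keep_attachment(PARAMS, names[i], 1));
    return 0;
}
```

An extension that appears in neither list (notes.xyz here) is removed in the default mode but passes under -x, so -x depends on the deny list being complete.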

It is advisable to check as follows before putting m-filter into real use.
>cat <a mail> | m-filter <parameters> | less
