Fixes for #1152

Fix text/x-mail returned from file command Fix to not assume first item in quarantine is full message
mailwatch · Sep 1, 2024 · 01ffc83 · 01ffc83
1 parent ae0d5d1
commit 01ffc83
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 2 deletions.
diff --git a/mailscanner/do_message_ops.php b/mailscanner/do_message_ops.php
@@ -96,7 +96,10 @@
             echo '<td class="error">' . $items . '</td>' . "\n";
         } else {
             if (count($items) > 0) {
-                $num = 0;
+                // Originally this was 0, which assumed entire message was first item
+                // Now pass -1, which will inform quarantine_release and quarantine_learn
+                // to scan for entire message regardless of its position in the items list
+                $num = -1;
                 $itemnum = [$num];
                 echo '<td>';
                 if ('release' === $type) {

diff --git a/mailscanner/functions.php b/mailscanner/functions.php
@@ -3528,7 +3528,12 @@ function quarantine_list_items($msgid, $rpc_only = false)
                     $quarantined[$count]['to'] = $row->to_address;
                     $quarantined[$count]['file'] = $f;
                     $file = escapeshellarg($quarantine . '/' . $f);
-                    $quarantined[$count]['type'] = ltrim(rtrim(shell_exec('/usr/bin/file -bi ' . $file)));
+                    $type = ltrim(rtrim(shell_exec('/usr/bin/file -bi ' . $file)));
+                    // In some cases file returns text/x-mail instead of message/rfc822
+                    if (preg_match('!^text/x-mail!', $type)) {
+                        $type = 'message/rfc822';
+                    }
+                    $quarantined[$count]['type'] = $type;
                     $quarantined[$count]['path'] = $quarantine . '/' . $f;
                     $quarantined[$count]['md5'] = md5($quarantine . '/' . $f);
                     $quarantined[$count]['dangerous'] = $infected;
@@ -3576,6 +3581,17 @@ function quarantine_release($list, $num, $to, $rpc_only = false)
     $new = quarantine_list_items($list[0]['msgid']);
     $list = &$new;
 
+    // Check for [-1], indicating just to release message itself, regardless of its item position
+    if ($num[0] === -1) {
+        // Locate message in items
+        for ($index=0;$index<count($list);$index++) {
+            if (preg_match('/message\/rfc822/', $list[$index]['type'])) {
+                $num = [$index];
+                break;
+            }
+        }
+    }
+
     if (!$rpc_only && is_local($list[0]['host'])) {
         if (!QUARANTINE_USE_SENDMAIL) {
             // Load in the required PEAR modules
@@ -3698,6 +3714,18 @@ function quarantine_learn($list, $num, $type, $rpc_only = false)
     }
     $new = quarantine_list_items($list[0]['msgid']);
     $list = &$new;
+
+    // Check for [-1], indicating just to release message itself, regardless of its item position
+    if ($num[0] === -1) {
+        // Locate message in items
+        for ($index=0;$index<count($list);$index++) {
+            if (preg_match('/message\/rfc822/', $list[$index]['type'])) {
+                $num = [$index];
+                break;
+            }
+        }
+    }
+
     $status = [];
     if (!$rpc_only && is_local($list[0]['host'])) {
         // prevent sa-learn process blocking complete apache server