MailHeader Class Reference

#include <MailHeader.h>

List of all members.

Public Member Functions
	MailHeader (SpamParameters &p, HeaderInfo &headInfo)
MailFilter::classification	parseContentType (FILE *fp, char *buf)
const char *	getBoundaryStr ()
MailFilter::classification	checkHeader (FILE *fp)
Private Member Functions
void	saveBoundary (const char *pBound)
void	fillInSections (FILE *fp)
MailFilter::classification	checkReceived (const char *buf, FILE *fp, size_t line)
MailFilter::classification	checkSubject (const char *buf, FILE *fp)
MailFilter::classification	checkFrom (const char *buf)
bool	addrContinues (const char *buf)
MailFilter::classification	checkDomainAddrs (const char *domainName, const char *pBuf)
MailFilter::classification	checkAddressSection (const char *buf, FILE *fp)
Private Attributes
Logger	log
SpamParameters &	mParams
HeaderInfo &	mHeadInfo
bool	foundValidAddress
char	boundaryStr [128]
char	pushBackBuf [1024]
char *	pPushBack

---

Detailed Description

Support for processing the email header (e.g., From:, To:, Subject:, etc...)

The pushBackBuf

When processing the email header sometimes it is necessary to read the next line to know what to do. For example, to know whether the header has come to an end with a blank line. Or to know if the subject or other parts of the header continue on the next line. By reading the next line is may also be that we've read too far. We've read a line that should be processed. To deal with this issue, the pushBackBuf is used. The next line can be read into the pushBackBuf. When subsequent logic needs another line, the pushBackBuf can be checked (to see if it is non-zero length) before reading another line.

The boundaryStr

A boundary string is used to separate the sections of a MIME formatted email. Email software (like this email filter) can skip between sections by looking for the boundary string. The boundary string is defined in the email header. The MailHeader code saves the boundary string (if it exists) in the boundaryStr buffer. The boundary string is then used in processing the email body.

Definition at line 57 of file MailHeader.h.

---

Member Function Documentation

bool MailHeader::addrContinues (  const char *  buf  )  [private]

addrContinues Return TRUE if it looks like the "to:" is spread across multiple lines. The "To:" continues on another line when the line ends with either a comma or a single quote follwed by a double quote. This function looks at the end of the line. If the line ends with: "," (comma) "'\"" (that's a single quote followed by a double quote) Note that in the code below the search is done in reverse, so the '"' is encountered before the '\'' (single quote). Definition at line 188 of file MailHeader.C. References Logger::log(). Referenced by checkAddressSection(). { bool rslt = false; log.log(Logger::DEBUG, "addrContinues", "enter"); if (buf) { int end = strlen( buf ); if (end > 0) { end--; const char *endPtr; for (endPtr = &buf[end]; endPtr >= buf && isspace(*endPtr); endPtr--) /* nada */; if (*endPtr == ',') { rslt = true; } else if (*endPtr == '"') { if (endPtr > buf && *(endPtr-1) == '\'') { rslt = true; } } } } char msgbuf[128]; sprintf( msgbuf, "returns %s", (rslt) ? "TRUE" : "FALSE" ); log.log(Logger::DEBUG, "addrContinues", msgbuf ); log.log(Logger::DEBUG, "addrContinues", "exit"); return rslt; } // addrContinues

MailFilter::classification MailHeader::checkAddressSection (  const char *  buf, FILE *  fp )  [private]

Check either the To: or Cc: sections. The "to_list" addresses, defined in SpamFilterParams, will usually be mailing lists (for example, the ANTLR anltr-interest mailing list that is distributed via Yahoo). If one of these addresses (or parts of an address) are found, then then the function will return EMAIL and no further content checking will be done by the mail filter. This function checks for the domain name specified in the my_domain secton of SpamFilterParams. If the domain is found it then checks to see if the user (e.g., the string to the left of the @) is listed in the valid_users section. This function limits user names to strings consisting of 'a'..'z' and '0'..'9' (case insensitive) plus the underscore character. Note that only one domain is allowed in the my_domain section. Before moving to my current ISP I would get any e-mail addressed to bearcave.com. This was a problem when the site bearcave.org existed since a number of bearcave.org users made the mistake of using .com when they should have used .org. Checking for valid users marks as garbage any email to a user that is not valid. Definition at line 334 of file MailHeader.C. References addrContinues(), checkDomainAddrs(), SpamParameters::getSection(), and Logger::log(). Referenced by checkHeader(). { log.log(Logger::DEBUG, "checkAddressSection", "enter"); MailFilter::classification klass = MailFilter::UNKNOWN; vector<const char *> toAddrs = mParams.getSection(SpamParameters::to_list); vector<const char *> myDomain = mParams.getSection(SpamParameters::my_domain); const char *domainName = 0; if (myDomain.size() > 0) domainName = myDomain[0]; const char *pBuf = buf; const size_t toAddrLen = toAddrs.size(); char localBuf[1024]; size_t i; bool done; do { done = true; SpamUtil().toLower(localBuf, pBuf, sizeof(localBuf)); for (i = 0; i < toAddrLen; i++) { if (strstr(localBuf, toAddrs[i]) != 0) { const char *hit = toAddrs[i]; char msg[128]; sprintf(msg, "found \"%s\", marked as EMAIL", hit ); log.log(Logger::DEBUG, "checkAddressSection", msg ); klass = MailFilter::EMAIL; break; } } // for if (klass == MailFilter::UNKNOWN && domainName != 0) { klass = checkDomainAddrs( domainName, localBuf ); } if (klass == MailFilter::UNKNOWN) { if (addrContinues(localBuf)) { if ((pBuf = fgets(localBuf, sizeof(localBuf), fp)) != 0) { done = false; } } } } while (!done); log.log(Logger::DEBUG, "checkAddressSection", "exit"); return klass; } // checkAddressSection

MailFilter::classification MailHeader::checkDomainAddrs (  const char *  domainName, const char *  pBuf )  [private]

Check the string for a user name associated with domainName. The domain name is defined in the my_domain section of SpamFilterParams. Valid user names for this domain are defined in the valid_users section. If valid user names are found then the foundValidAddrAddress flag is set to true. If there are users that are not in the valid_users list then the classification GARBAGE is returned. Otherwise, UNKNOWN is returned (UNKNOWN is returned when a valid user is found as well). Definition at line 235 of file MailHeader.C. References SpamParameters::getSection(), Logger::log(), and HeaderInfo::reason(). Referenced by checkAddressSection(). { log.log(Logger::DEBUG, "checkDomainAddrs", "enter"); assert( ((domainName != 0) && (pBuf != 0)) ); vector<const char *> validUsers = mParams.getSection(SpamParameters::valid_users); const size_t numUsers = validUsers.size(); MailFilter::classification klass = MailFilter::UNKNOWN; bool done = false; size_t domainNameLen = strlen( domainName ); const char *domainPtr = strstr(pBuf, domainName ); while (domainPtr) { if (domainPtr > pBuf+2) { domainPtr--; if (*domainPtr == '@') { // find the start and end of the user name const char *endPtr = domainPtr; domainPtr--; const char *beginPtr = domainPtr; while (beginPtr >= pBuf && isalnum( *beginPtr )) beginPtr--; if (!isalnum(*beginPtr)) { beginPtr++; } // Now check to see if the user name is in the valid_users list // Note that this function is used for both To: and Cc:, so // foundValidAddress could have been set in a previous call. bool foundInList = false; for (size_t i = 0; i < numUsers; i++) { const char *word = validUsers[i]; if (SpamUtil().match(beginPtr, endPtr, word)) { foundValidAddress = true; foundInList = true; } } // for if (!foundInList) { char msg[128]; char user[128]; size_t ix = 0; for (const char *pCh = beginPtr; pCh < endPtr; pCh++, ix++) { user[ix] = *pCh; } user[ix] = '\0'; sprintf(msg, "Non-valid user \"%s\", email marked as GARBAGE", user ); mHeadInfo.reason( msg ); log.log(Logger::DEBUG, "checkDomainAddrs", msg ); klass = MailFilter::GARBAGE; } // endPtr points to the '@' pBuf = (endPtr + 1); } } if (klass == MailFilter::UNKNOWN) { pBuf = pBuf + domainNameLen; domainPtr = strstr(pBuf, domainName); } else { break; // exit the while loop } } // while log.log(Logger::DEBUG, "checkDomainAddrs", "exit"); return klass; } // checkDomainAddrs

MailFilter::classification MailHeader::checkFrom (  const char *  buf  )  [private]

Check to see if an e-mail address in the from_address section of the SpamParameters is in the "From:" field. If a "from_address" string is found then it is valid email and no further checking will be done by the mail filter. This allows people you know to send you e-mail that may have spam or kill words in it. The "From" is also checked against "from_kill" strings. This allows you to mark as garbage email from frequent spammers. For example, when I developed this software there was a spammer who used YoDude in the from line and another that used "TailWaggingOffers". Definition at line 123 of file MailHeader.C. References SpamParameters::getSection(), Logger::log(), and HeaderInfo::reason(). Referenced by checkHeader(). { MailFilter::classification klass = MailFilter::UNKNOWN; log.log(Logger::DEBUG, "checkFrom", "enter"); vector<const char *> fromAddrs = mParams.getSection(SpamParameters::from_address); vector<const char *> killAddrs = mParams.getSection(SpamParameters::from_kill); char msg[128]; char from[256]; SpamUtil().toLower(from, buf, sizeof(from)); size_t len; len = killAddrs.size(); for (size_t i = 0; i < len; i++) { if (strstr(from, killAddrs[i]) != 0) { sprintf(msg, "Found address \"%s\", email marked as GARBAGE", killAddrs[i] ); mHeadInfo.reason( msg ); log.log(Logger::DEBUG, "checkFrom", msg ); klass = MailFilter::GARBAGE; break; } } if (klass == MailFilter::UNKNOWN) { len = fromAddrs.size(); for (size_t i = 0; i < len; i++) { if (strstr(from, fromAddrs[i]) != 0) { sprintf(msg, "Found \"from address\" \"%s\", email marked as EMAIL", fromAddrs[i] ); log.log(Logger::DEBUG, "checkFrom", msg ); klass = MailFilter::EMAIL; break; } } // for } log.log(Logger::DEBUG, "checkFrom", "exit"); return klass; } // checkFrom

MailFilter::classification MailHeader::checkHeader (  FILE *  fp  )

Rules for processing the e-mail header: The "To:" and "Cc:" Check for items in the "to_list". This is where mailing list addresses go. If a "to_list" item is found it is classified as "EMAIL". Check for a "my_address" address. In some cases spammers do not include your e-mail address in the "To:" or "Cc:" lines since the are using mailing lists or direct SMTP connections. Of course if your address is found it may still be spam. The "From:" and "From" At least in the case of e-mail on Linux there is a "From" line which leads the e-mail file. This line has the following format: From Note that this "From" has no colon. A "From:" line follows which may or may not have the same e-mail address. In the case of SPAM it frequently does not, since SPAMmers forge the email address. Check for an entry in the "from_list" in the "From:" part of the header. The "from_list" contains the email addresses (user name, domain, or both user and domain) of people you know. If a "from_list" item is found it is marked as valid email. Check the subject line for spam and kill words (e.g., penis, xanax). Processing of the email header ends when a blank line is found (all email headers must end with a blank line). When it comes to recognizing "spam_words" and "kill_words" in the subject line, the code below relies on the fact that the "From:" line preceeds the "Subject:" line. This allows your lover, whose address will presumably be in the from_address part of the SpamFilterParams, to send you e-mail with the word "penis" in the subject, without having the mail discarded if "penis" is in the kill_words list. The subject line and other parts of the email header are copied into a HeaderInfo object. This information is used in generating debug trace information and the garbage trace (for discarded email). and error messages. Many emails (especially those that are MIME formatted) will have a boundary line (which usually follows the "Content-Type:" line. The boundary line has the format boundary="" The boundary string is used to demarkate the bounds of the various sections. This string is saved in the class variable boundaryStr. Header processing may terminate before the header is completely read since it may be determined at an early point that the email is either valid or SPAM. In these case the rest of the mail header will be read to initialize the HeaderInfo object. Definition at line 804 of file MailHeader.C. References checkAddressSection(), checkFrom(), checkReceived(), checkSubject(), HeaderInfo::date(), fillInSections(), HeaderInfo::from(), HeaderInfo::fromNoColon(), HeaderInfo::klass(), Logger::log(), parseContentType(), HeaderInfo::subject(), and HeaderInfo::to(). Referenced by MailFilter::checkMail(). { log.log(Logger::DEBUG, "checkHeader", "enter"); MailFilter::classification klass = MailFilter::BAD_VALUE; if (!feof(fp)) { klass = MailFilter::UNKNOWN; char *pBuf; // Skip any blank lines which start the e-mail message while ((pPushBack = fgets(pushBackBuf, sizeof(pushBackBuf), fp)) != 0) { if (! SpamUtil().isBlankLine( pPushBack )) { break; } } // while if (pPushBack != 0) { // Loop through the e-mail header size_t line = 1; const char *RECEIVED = "received"; static const size_t RECEIVED_LEN = strlen(RECEIVED); const char *SUBJECT = "subject"; static const size_t SUBJECT_LEN = strlen(SUBJECT); const char *FROM = "from"; static const size_t FROM_LEN = strlen(FROM); const char *CONTENT_TYPE = "content-type"; const char *TO = "to"; static const size_t TO_LEN = strlen(TO); const char *CC = "cc"; const char *DATE = "date"; const char *pBound = 0; const char *pColon = 0; char buf[1024]; do { // DO if (pPushBack == 0) { pushBackBuf[0] = '\0'; pBuf = fgets(buf, sizeof(buf), fp); } else { pBuf = pPushBack; pPushBack = 0; } if (!pBuf) { break; } if (! SpamUtil().isBlankLine( pBuf )) { pColon = SpamUtil().findColon( pBuf ); if (SpamUtil().match(pBuf, FROM_LEN, FROM)) { pColon = pBuf + FROM_LEN; if (*pColon == ':') { pColon++; mHeadInfo.from( pColon ); } else { mHeadInfo.fromNoColon( pColon ); } klass = checkFrom( pColon ); } else if (pColon != 0) { if (SpamUtil().match(pBuf, RECEIVED_LEN, RECEIVED)) { pColon = pBuf + RECEIVED_LEN + 1; klass = checkReceived( pColon, fp, line ); } else if (SpamUtil().match(pBuf, SUBJECT_LEN, SUBJECT)) { pColon = pBuf + SUBJECT_LEN + 1; mHeadInfo.subject(pColon); klass = checkSubject( pColon, fp ); } else if (SpamUtil().match(pBuf, pColon, CONTENT_TYPE)) { pColon++; klass = parseContentType(fp, pBuf); } else if (SpamUtil().match(pBuf, TO_LEN, TO)) { pColon = pBuf + TO_LEN + 1; mHeadInfo.to( pColon ); klass = checkAddressSection(pColon, fp); } else if (SpamUtil().match(pBuf, pColon, CC)) { pColon++; klass = checkAddressSection(pColon, fp); } else if (SpamUtil().match(pBuf, pColon, DATE)) { pColon++; mHeadInfo.date(pColon); } } // has a colon (pColon != 0 } // is blank line else { // found a blank line break; } } while (klass == MailFilter::UNKNOWN && pBuf != 0); // if we have not finished on a black line, fill in any sections that // have not been encountered yet. if (! SpamUtil().isBlankLine( pBuf )) { fillInSections(fp); } // If the email was not addressed to a known mailing list and // and address in the SpamFilterParams section my_address is // not found, then it is classified as SPAM. if (klass == MailFilter::UNKNOWN && (! foundValidAddress)) { log.log(Logger::DEBUG, "checkHeader", "Did not find a valid To: or Cc: address"); klass = MailFilter::SUSPECT; } } // if pBuf } mHeadInfo.klass( klass ); char msg[128]; sprintf(msg, "return value = %s", SpamUtil().classificationToStr( klass )); log.log(Logger::DEBUG, "checkHeader", msg ); log.log(Logger::DEBUG, "checkHeader", "exit"); return klass; } // checkHeader

MailFilter::classification MailHeader::checkReceived (  const char *  buf, FILE *  fp, size_t  line )  [private]

The received line in the email header spans multiple lines. The end is determined by the next line that contains a colon. Something like "Message-ID:" or "From:" (or, perhaps, another "Received:"). Right now not much is done with this section except to search for the word "forged". If a section is added to the SpamFilterParams file for spammer addresses, then this function could recognize these. Right now it is not clear that this would be very profitable, since spammers move around so much. For use in future checking, the buf pointer points to the character that follows the colon. One complexity introduced by this function is that it reads the next line to see if this line has a colon header in it. There is no way to "unget" a line. So as a hack around this there is a "pushBackBuf" in the class (can you say global variable by another name) which contains this line. If the pPushBack pointer at this buffer (e.g., is not NULL) then the pushBackBuf line will be used rather than reading a new line from stdin. Some mailers add a "may be forged" note on one of the received lines. This seems to happen when the address is given via SMTP, rather than in the "To:" line. In this case, the mail should be marked as SPAM (e.g., SUSPECT) The "line" argument is for debugging. Definition at line 416 of file MailHeader.C. References Logger::log(). Referenced by checkHeader(). { log.log(Logger::DEBUG, "checkReceived", "enter"); MailFilter::classification klass = MailFilter::UNKNOWN; const char *pColon; do { pPushBack = fgets(pushBackBuf, sizeof(pushBackBuf), fp); if (pPushBack != 0) { if ((klass == MailFilter::UNKNOWN) && (strstr(pPushBack, "forged") != 0)) { klass = MailFilter::SUSPECT; } pColon = SpamUtil().findColon( pPushBack ); } } while (pPushBack != 0 && !pColon); log.log(Logger::DEBUG, "checkReceived", "exit"); return klass; } // checkReceived

MailFilter::classification MailHeader::checkSubject (  const char *  buf, FILE *  fp )  [private]

Check the email header subject line for spam or kill words or phrases. Apparently some emails may have multi-line subjects. So after the subject line is found, we check to see if there is another line with a colon (something like "Reply-To:" for example) or if the line is blank (indicating an end to the header). In both cases we "push back" the line. If the line does not have a colon or is not blank, we skip it (since this is the subject line continuing on the next line). The subject line should not continue on more than one line after the "Subject:" line or something is really wrong with the email format. Definition at line 68 of file MailHeader.C. References Logger::log(), and HeaderInfo::reason(). Referenced by checkHeader(). { log.log(Logger::DEBUG, "checkSubject", "enter"); char msg[256]; char subject[256]; char foundStr[128]; // convert to lower case SpamUtil().toLower(subject, buf, sizeof(subject)); foundStr[0] = '\0'; MailFilter::classification klass = SpamUtil().checkLine(subject, mParams, foundStr, sizeof(foundStr)); if (klass == MailFilter::SUSPECT || klass == MailFilter::GARBAGE) { if (klass == MailFilter::SUSPECT) { sprintf(msg, "Found \"spam\" word \"%s\", email marked as SUSPECT", foundStr ); } else if (klass == MailFilter::GARBAGE) { mHeadInfo.reason( foundStr ); sprintf(msg, "Found \"kill\" word \"%s\", email marked as GARBAGE", foundStr ); } log.log(Logger::DEBUG, "checkSubject", msg ); } pPushBack = 0; char *pBuf; if ((pBuf = fgets(pushBackBuf, sizeof(pushBackBuf), fp)) != 0) { if (SpamUtil().isBlankLine(pBuf) || SpamUtil().findColon(pBuf) != 0) { pPushBack = pBuf; } } log.log(Logger::DEBUG, "checkSubject", "exit"); return klass; } // checkSubject

void MailHeader::fillInSections (  FILE *  fp  )  [private]

Fill in the email header in the mHeadInfo class variable. The mHeadInfo object is used to encapsulate header information that is used in generating debug log messages and in generating the garbage trace (if the trace_garbage flag is set). Processing the email stops as soon as it can be determined that the email is valid, suspect or garbage. In some cases (for example an invalid domain address) the complete header will not have been processed and some fields in mHeadInfo have not been filled in. This function is called to read the rest of the header and fill in these fields. Definition at line 659 of file MailHeader.C. References HeaderInfo::date(), HeaderInfo::from(), Logger::log(), HeaderInfo::subject(), and HeaderInfo::to(). Referenced by checkHeader(). { static const char *TO = "to:"; static const size_t TO_LEN = strlen( TO ); static const char *FROM = "from:"; static const size_t FROM_LEN = strlen( FROM ); static const char *SUBJECT = "subject:"; static const size_t SUBJECT_LEN = strlen( SUBJECT ); static const char *DATE = "date:"; static const size_t DATE_LEN = strlen( DATE ); char buf[1024]; char *pBuf = 0; size_t bufSize = 0; log.log(Logger::DEBUG, "fillInSections", "enter"); do { if (pPushBack == 0) { pushBackBuf[0] = '0'; bufSize = sizeof(buf); pBuf = fgets(buf, bufSize, fp); } else { pBuf = pPushBack; bufSize = sizeof( pushBackBuf ); pPushBack = 0; } if (pBuf != 0) { if (! SpamUtil().isBlankLine( pBuf )) { char *pCopy = 0; if (SpamUtil().match(pBuf, TO_LEN, TO)) { pCopy = pBuf + TO_LEN; mHeadInfo.to( pCopy ); } else if (SpamUtil().match(pBuf, FROM_LEN, FROM)) { pCopy = pBuf + FROM_LEN; mHeadInfo.from( pCopy ); } else if (SpamUtil().match(pBuf, SUBJECT_LEN, SUBJECT)) { pCopy = pBuf + SUBJECT_LEN; mHeadInfo.subject( pCopy ); } else if (SpamUtil().match(pBuf, DATE_LEN, DATE)) { pCopy = pBuf + DATE_LEN; mHeadInfo.date( pCopy ); } } else { // found a blank line which follows the mail header break; } } } while (pBuf != 0); if (pBuf == 0) { log.log(Logger::DEBUG, "fillInSections", "end-of-file reached"); } log.log(Logger::DEBUG, "fillInSections", "exit"); } // fillInSections

MailFilter::classification MailHeader::parseContentType (  FILE *  fp, char *  contentBuf )

Return the content type for the email. Many emails (especially those which are MIME encoded, but others as well) include a Content-type section whose format is: "Content-type:" type Where examples of "Content-Type:" include "text/html", "text/plain", "multipart/alternative", "multipart/mixed", "image/jpg" This spam filter marks all email that _starts_ with an HTML section, instead of a text section, as SUSPECT, which will result in placing the email in the junk_mail file. This spam filter also attempts to identify email with base64 encoded sections. If the "kill_base64" flag is set, email with base64 encoded sections will be discarded. This tends to weed out viruses and spam that attempts to hide behind the base64 encoding. If the "kill_base64" flag is not set, the email with base64 encoded data will be placed in the junk_mail file. The Content-Type section may be followed by a charset or boundary definition. The boundary definition is discussed below. The charset definition may be on the same line as the Content-Type definition (separated by a semicolon) or it may be on the following line. The case that causes difficulty is the one where it is on the following line: Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: base64 In this case the charset line is skipped, setting up processing for the Content-Transfer-Encoding line, which in this case is base64. This avoids having an email marked as HTML when we really want to classify it as base64 encoded. Multipart email is separated by boundary strings. This allows email programs (and this spam filter) to skip to a section by looking for the boundary string. A boundary string definition may follow the Content-Type. This may be either on the same line, separated by a semicolon: Content-Type: multipart/mixed;boundary="--SpammersAreScum--" or on the following line: Content-Type: multipart/mixed; boundary="--SpammersAreScum--" The boundary definition is saved in a class variable. Note that the boundary definition is not saved if the Content-Type is text. This is because the following sometimes appears: Content-Type: text/plain; boundary="--09064944530622531466" Here, even though a boundary section is defined, it is unused because the email Content-Type is text. Definition at line 561 of file MailHeader.C. References SpamParameters::hasFlag(), Logger::log(), HeaderInfo::reason(), and saveBoundary(). Referenced by checkHeader(). { const char *BOUNDARY = "boundary"; static size_t BOUNDARY_LEN = strlen( BOUNDARY ); const char *CONTENT_ENCODE = "Content-Transfer-Encoding"; static size_t CONTENT_ENCODE_LEN = strlen(CONTENT_ENCODE); log.log(Logger::DEBUG, "parseContentType", "enter"); MailFilter::classification klass = MailFilter::UNKNOWN; SpamUtil::contentType type = SpamUtil().classifySection( contentBuf ); { char *pBound = strstr(contentBuf, BOUNDARY); if (pBound && type != SpamUtil::TEXT) { saveBoundary( pBound + BOUNDARY_LEN ); } } pPushBack = 0; char *pBuf; if ((pBuf = fgets(pushBackBuf, sizeof(pushBackBuf), fp)) != 0) { // If the line that follows the Content-Type does not have a colon // (e.g., findColon() does not return a pointer) and it is not a // blank line, then it may be a boundary definition or a charset // definition. If it is a boundary we want to pick it up. Otherwise // we want to skip it. if (SpamUtil().isBlankLine(pBuf) || SpamUtil().findColon(pBuf) != 0) { pPushBack = pBuf; } else { char *pBound = strstr(pBuf, BOUNDARY); if (pBound && type != SpamUtil::TEXT) { saveBoundary( pBound + BOUNDARY_LEN ); } // get the next line pBuf = fgets(pushBackBuf, sizeof(pushBackBuf), fp); pPushBack = pBuf; } // Check for the Content-Transfer-Encoding line and see if it is base64 char *pEncode; if ((pEncode = strstr(pBuf, CONTENT_ENCODE)) != 0) { pPushBack = 0; if (strstr(pEncode + CONTENT_ENCODE_LEN, "base64")) { type = SpamUtil::BASE64; } } } if (type == SpamUtil::BASE64) { if (mParams.hasFlag("kill_base64")) { mHeadInfo.reason("found base64 encoded information"); klass = MailFilter::GARBAGE; } else { klass = MailFilter::SUSPECT; } } else if (type == SpamUtil::HTML) { klass = MailFilter::SUSPECT; } else if (type == SpamUtil::IMAGE || type == SpamUtil::AUDIO) { klass = MailFilter::SUSPECT; } const char *typeName; typeName = SpamUtil().typeToStr( type ); char msg[128]; sprintf(msg, "mail type = %s", typeName ); log.log(Logger::DEBUG, "parseContentType", msg ); log.log(Logger::DEBUG, "parseContentType", "exit"); return klass; } // parseContentType

void MailHeader::saveBoundary (  const char *  pBound  )  [private]

Save the boundary string which may follow the "Content-Type:" line. The format for the boundary definition is boundary="" The pBound argument should point to the '=' character. There are times when the boundary string does not start with a quote. There are also times when there is white space between the "=" and the quote. The boundary string is used in processing the mail body to move between the various sections of an email. Definition at line 456 of file MailHeader.C. References Logger::log(). Referenced by parseContentType(). { log.log(Logger::DEBUG, "saveBoundary", "enter"); if (*pBound == '=') { pBound++; // skip any white space between the "=" and the quote pBound = SpamUtil().skipWhiteSpace( pBound ); if (*pBound == '"') { pBound++; } const size_t len = sizeof(boundaryStr) - 1; size_t ix = 0; while (*pBound && ix < len && (! isspace(*pBound)) && *pBound != '"') { boundaryStr[ix] = *pBound; pBound++; ix++; } boundaryStr[ix] = '\0'; if (ix > 0) { char msg[128]; sprintf(msg, "boundary str. = \"%s\"", boundaryStr ); log.log(Logger::DEBUG, "saveBoundary", msg); } } else { log.log(Logger::ERROR, "saveBoundary", "'=' expected"); } log.log(Logger::DEBUG, "saveBoundary", "exit"); } // saveBoundary

---

The documentation for this class was generated from the following files:

• MailHeader.h
• MailHeader.C

---