Code for manipulating all messages matching some criteria?

Deniss cyrus at sad.lv
Mon Oct 28 11:34:05 EDT 2013 

Hi John,

i wondering that modifing the mesasges on the disk does not break any
internal cyrus stuff like replication or something else cos message's
size and GUID as stored in cyrus.index should be changed on edit:

http://cyrusimap.web.cmu.edu/docs/cyrus-imapd/2.4.8/internal/mailbox-format.php

Did you expect any issue with the messages after editing ?

Bron, any ideas ?


On 2013.10.23. 1:56, John Wade wrote:
> Hi Jason,
> 
> We have run into this a number of times with various spear phishing
> messages.    As a result, we cobbled together a total hack.   We have a
> perl tool that searches the mail spool filesystems, (either inboxes only
> or a full recursive search) and then searches and replaces the offending
> link or text within the messages.   Does not help with clients who cache
> the message contents and is not a perfect solution, but has worked when
> we have needed it .    Since it only touches the contents of messages,
> it does not require a reconstruct like nuking the file outside of Cyrus
> would.   We ended up going through the file system to find the messages
> since some of these attacks had a lot of variation of subject, sender
> and links and regular expressions are a great tool.
> 
> I have been meaning for some time to rewrite this to have it do an IMAP
> delete/purge of the offending messages, but have not had the time.    
> If somebody has a great tool for this that they could share, I would
> love to see it.
> 
> If anybody really wants our pathetic little hack, I would be happy to
> share it.
> 
> Hope this helps,
> John Wade
> Oakton Community College
> 
> On 10/22/2013 2:24 PM, Jason L Tibbitts III wrote:
>> Recently our campus was hit with a particularly bad targeted trojan
>> attach and the IT overlords sent out a demand that we (a small
>> department with several hundred mailboxes on our own server) go through
>> all user mailboxes and actually delete the offending messages.  At least
>> using the admin account this is actually kind of reasonable to do.
>> While I'm sure I could whip something up if I actually had enough free
>> time, I was wondering if anyone had already been through this kind of
>> thing and had cobbled together any code to do it.
>>
>> I see something called imapfilter which might do the trick, but it seems
>> to be completely opaque.
>>
>>   - J<
>> ----
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>

More information about the Info-cyrus mailing list