#!/bin/rc
# validateattachment mboxfile
rfork en
upastmp=/mail/tmp
#
# exit status matching:
#
#	*discard* - is really bad, refuse the message 
#	*accept* - is really good, leave attachment alone
#	* - rewrite attachment to have .suspect extension
# 

if(! ~ $#* 1){
	echo usage: validateattachment mboxfile >[1=2]
	exit usage
}

echo validating >[1=2]
fn save {
	d=`{date -n}
	cp body $upastmp/$d.$1
	cp raw  $upastmp/$d.$1.raw
	whatis x >$upastmp/$d.$1.file
}
fn sigexit {
	rm -f $upastmp/$d.$1^('' .raw .file)
}

upas/fs -f $1
cd /mail/fs/mbox/1

x=`{file body | sed s/body://}
x=$"x
switch($x){
case *Ascii* *text* *'c program'* *'rc executable'* 
	save accept
	exit accept

case *'zip archive'*
	# >[2=1] because sometimes we get zip files we can't parse
	# but the errors look like
	# unzip: reading data for philw.doc.scr failed: ...
	# so we can still catch these.
	if(unzip -tsf body >[2=1] | grep -si '      |\.(scr|exe|pif|bat|com)$'){
		echo executables inside zip file!
		exit discard
	}

case jpeg 'PNG image' bmp 'GIF image' *'plan 9 image'*
	save accept
	exit accept

case *Microsoft* *Office*
	save wrap
	exit wrap

case *MSDOS*
	# no executables
	echo $x
	exit discard
}

save wrap
exit wrap