Fixup SignExternalMessage

common/usr/sbin/MailScanner

@@ -1257,6 +1257,9 @@ sub WorkForHours {
     # Encapsulate the messages into message/rfc822 attachments as needed
     $batch->Encapsulate();
 
+    # Sign all external messages
+    $batch->SignExternalMessage();
+
     # Sign all the uninfected messages
     $batch->SignUninfected();
 

common/usr/share/MailScanner/perl/MailScanner/Message.pm

@@ -4958,7 +4958,7 @@ sub SignWarningMessage {
 # https://github.com/MailScanner/v5/issues/375
 # Sign the body of the message with a text or html warning message
 # alerting users that message was from an external source
-# Return 0 if nothing was signed, true if it signed something.
+# Set bodymodifed and externalsigned upon signing
 sub SignExternalMessage {
   my $this = shift;
   my $top = shift;
@@ -4995,12 +4995,24 @@ sub SignExternalMessage {
     MailScanner::Log::DebugLog("Debug: Adding external html for message %s", $this->{id});
     $warning = $this->ReadExternalWarning('inlineexternalhtml');
     #$warning = quotemeta $warning; # Must leave HTML tags alone!
+    my $htmltagfound = 0;
     foreach $line (@body) {
       # html tags can have extra attributes.  In a case where the <html> tag
       # has attributes and is closed on a subsequent line, the warning will
       # actually be in the tag, but it's malformed in any case because it
       # precedes any <head> and <body> tags and clients seem to render it OK.
-      $line =~ s/\<html( [^>]*)?(\>|$)/$&$warning/i;
+      if ( $line =~ /\<html( [^>]*)?(\>|$)/ ) {
+        $htmltagfound = 1;
+      }
+    }
+
+    # Just sign if no html tag present
+    $io->print($warning)
+      unless $htmltagfound == 1;
+    foreach $line (@body) {
+      # if at <html> tag, sign here
+      $line =~ s/<html( [^>]*)?(\>|$)/$&$warning/i
+        unless $htmltagfound == 0;
       $io->print($line);
     }
   } else {
@@ -5015,7 +5027,8 @@ sub SignExternalMessage {
   MailScanner::Log::DebugLog("Debug: Exiting SignExternalMessage for message %s", $this->{id});
 
   # We signed something
-  return 1;
+  $this->{bodymodified} = 1;
+  $this->{externalsigned} = 1;
 }
 
 # Read the appropriate warning message to sign the top of cleaned messages.
@@ -5864,15 +5877,6 @@ sub DeliverModifiedBody {
     return;
   }
 
-  # https://github.com/MailScanner/v5/issues/375
-  # Sign the top of the message body with a text/html externalwarning if they want.
-  if (MailScanner::Config::Value('externalwarning',$this) =~ /1/ &&
-      !$this->{externalsigned}) {
-    MailScanner::Log::DebugLog("Debug: Adding external warning to message %s body", $this->{id});
-    $this->SignExternalMessage($this->{entity});
-    $this->{externalsigned} = 1;
-  }
-
   # Prune the entity tree to remove all undef values
   #PruneEntityTree($this->{entity},$this->{entity2file},$this->{file2entity});
   PruneEntityTree($entity,$this->{entity2file},$this->{file2entity});

common/usr/share/MailScanner/perl/MailScanner/MessageBatch.pm

@@ -780,6 +780,22 @@ sub QuarantineModifiedBody {
   }
 }
 
+# Sign all external messages
+sub SignExternalMessage {
+  my $this = shift;
+
+  my ($id, $message);
+
+  while(($id, $message) = each %{$this->{messages}}) {
+    next if $message->{deleted} || $message->{dontdeliver};
+    if (MailScanner::Config::Value('externalwarning',$this) =~ /1/ &&
+      !$this->{externalsigned}) {
+      MailScanner::Log::NoticeLog("Message is external, prepending warning for %s", $id);
+      $message->SignExternalMessage($message->{entity});
+    }
+  }
+}
+
 # Sign all the messages that were clean with a tag line saying
 # (ideally) that MailScanner is wonderful :-)
 sub SignUninfected {