Virusname in output IF you use McAfee uvscan

2001-05-10
2002-11-13
  • OK, I hope this makes at least some of you happy: I added output of the virusname to both recipient and sender of a mail with contaminated attachments. I have to scan the output of the scanner to do this, so it's only uvscan...

    I also give them full names, just awking them from the temp copy of the mail, and I've added googlers to the Norton Antivirus website for information. This even works with the Eicar testfile: Google comes up with 4 links to it on Symantec's site :-)

    OK, here it is. Just cut and paste in the appropriate part of your scanmails script.

    ********************
    ################### send a mail back to sender ######################

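    if [ "x${notifysender}" = "xyes" ] ; then
    # Take the header block and the To:/From: values from the saved copy of the mail.
    # The To:/From: patterns are anchored and stop at the first blank line, so only the
    # first real To:/From: header is used (not Reply-To: or matching lines in the body).
    if [ "x${do_virusbackup}" = "xyes" ] ; then
    header=`${awk} '/^$/ {exit} {print}' < ${virusmailsdir}/${myname}/${virusbackup}`
    fullname=`${awk} -F: '/^$/ {exit} /^To:/ {print $2; exit}' ${virusmailsdir}/${myname}/${virusbackup}`
    fromname=`${awk} -F: '/^$/ {exit} /^From:/ {print $2; exit}' ${virusmailsdir}/${myname}/${virusbackup}`
    else
    header=`${awk} '/^$/ {exit} {print}' < ${tmpdir}/receivedmail`
    fullname=`${awk} -F: '/^$/ {exit} /^To:/ {print $2; exit}' ${tmpdir}/receivedmail`
    fromname=`${awk} -F: '/^$/ {exit} /^From:/ {print $2; exit}' ${tmpdir}/receivedmail`
    fi

    # Virus name: third field of the scanner's "Found" line, first "/" turned into ".",
    # everything from "@" onwards dropped.
    virusname=`${awk} '/Found/ {print $3}' ${tmpdir}/${logfile} |sed 's/\//./' |awk -F@ '{print $1}'`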

    cat <<EOF| ${sendmail_wrapper} ${sendmail_flags}
    From: ${mailfrom}
    To: ${sender}
    Subject: VIRUS IN YOUR MAIL TO ${fullname}

    V I R U S  A L E R T

    We found a virus in your mail to${fullname}.
    To prevent the virus from spreading any further, we stopped delivery of this email.${fullname} did NOT receive your message!

    Our viruschecker found the following virus:
    ${virusname}

    Check your system for viruses and resend your mail.

    By clicking the link below, you can search the Norton Antivirus site with Google for more information on this virus.
    http://www.google.com/search?q=inurl:www.symantec.com/avcenter%20intitle:Write+${virusname}

    For your reference, here are the headers from your email:

    =====================================================================

    ------------------------- BEGIN HEADERS -----------------------------
    ${header}
    -------------------------- END HEADERS ------------------------------

    We use AMaViS, have a look at:
    http://amavis.org/
    AMaViS - A Mail Virus Scanner, licenced GPL

    EOF

    fi

    if [ "x${notifyreceiver}" = "xyes" ] ; then

    ############### send a mail to the addressee ########################

    cat <<EOF| ${sendmail_wrapper} ${sendmail_flags}
    From: ${mailfrom}
    To: ${receiver}
    Subject: VIRUS IN A MAIL FOR YOU FROM ${fromname}

    V I R U S  A L E R T

    Our viruschecker found a virus in a mail from ${fromname} to you:
    ${virusname}
     
    Delivery of the email was stopped.
    ${fromname} has been informed that his/her mail contained a virus.
     
    Please contact your system administrator for details, or search the Norton Antivirus site for details:
    http://www.google.com/search?q=inurl:www.symantec.com/avcenter%20intitle:Write+${virusname}

    We use AMaViS, have a look at:
    http://amavis.org/
    AMaViS - A Mail Virus Scanner, licenced GPL

    EOF

    *****

    Hope the long lines aren't broken.
    Greetz,
    Cathelijne

     
    • Larry Lin
      2001-12-20

      Thanks for your solutions, it works great for me!!!

      Maybe we should have it included in the next version of AMaViS release :P

       

    • Anonymous
      2002-11-13

      Cathelijne, how or where did you declare the ${virusname} variable ?

      I tried to include the "${virusname}" in the message I send to the users but the space that will be completed with the VIRUSNAME is in BLANK

      Regards,
      Quique

       

      • Anonymous
        2002-11-13

        Sorry I'm blind  :)
        I just see the declaration:
        virusname=`${awk} '/Found/ {print $3}' ${tmpdir}/${logfile} |sed 's/\//./' |awk -F@ '{print $1}'`

        Quique
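
Added example, not part of the original posts and not AMaViS code: the sender controls the To:/From: headers and, through the attachment, the name the scanner reports, and the script above copies all three into the notification's Subject line, body and search URL. The sketch below reads only the header block, strips control characters, and runs the post's virus-name pipeline behind a character allow-list with a fallback for the blank case raised in the replies. The function names, the sample message and the "Found the NAME virus" log layout are assumptions.

```shell
#!/bin/sh
# Added example; not code from the thread or from AMaViS.

# First value of header NAME in FILE: header block only (stops at the first
# blank line), control characters removed, capped at 200 characters.
# Folded (continuation) header lines are not joined.
header_field() {
    awk -v h="$1" 'BEGIN { h = tolower(h) ":" }
        /^\r?$/ { exit }
        tolower(substr($0, 1, length(h))) == h {
            v = substr($0, length(h) + 1); sub(/^[ \t]+/, "", v); print v; exit
        }' "$2" | LC_ALL=C tr -d '\000-\037\177' | cut -c1-200
}

# Virus name from a scanner log: the post's pipeline (3rd field of the first
# "Found" line, first "/" -> ".", cut at "@"), then an allow-list of characters
# so the value is safe in a header or URL. Prints "unknown" when nothing matches.
virus_name() {
    n=$(awk '/Found/ { print $3; exit }' "$1" | sed 's/\//./' |
        awk -F@ '{ print $1 }' | LC_ALL=C tr -cd 'A-Za-z0-9._-' | cut -c1-64)
    printf '%s\n' "${n:-unknown}"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample mail: Reply-To precedes To, and the body repeats
    # header-looking lines that an unanchored /From:/ would also pick up.
    printf '%s\n' 'Reply-To: list@example.org' 'From: Mallory <m@example.net>' \
        'To: Alice <alice@example.org>' 'Subject: hi' '' \
        'From: forged' 'Subject: injected' > "$d/receivedmail"
    # Constructed log; the line layout is assumed from the post's awk expression.
    printf '%s\n' '/tmp/x/part2.exe' '    Found the W32/Klez.h@MM virus !!!' > "$d/log"
    : > "$d/empty"    # scanner wrote no "Found" line
    printf 'to=%s|from=%s|virus=%s|none=%s\n' \
        "$(header_field To "$d/receivedmail")" \
        "$(header_field From "$d/receivedmail")" \
        "$(virus_name "$d/log")" "$(virus_name "$d/empty")"
    rm -rf "$d"
}

demo
```

In scanmails the same functions would be applied to ${tmpdir}/receivedmail and ${tmpdir}/${logfile} before the here-documents are expanded.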