From: juaid <ju...@fa...> - 2001-03-28 16:28:15
|
Well, my last mail encouraged me to improve tge code for the subrutines I made... maybe there is a better way to do it, but it's quite simple and clear, and works fine I'm using it with amavis-perl10, so here's the code if anyone wants to use it and get rid of messages which have no valid sender (as I said, it works fine, but as always, use it at your own risk!!!): First I defined some variablss in the beggining of the amavis script (/usr/sbin/amavis in my case) ###### SNAP ###### # # Define various constants # # # Added variables # my $VIRUSFOUND = ""; my $IGNOREVIRUS = "no"; # List of viruses that arrive without a valid sender my @VIRUSLIST = ('W32/Hybris.gen@MM','W95/MTX@M','W32/Magistr@MM'); ###### END OF SNAP ###### Then I added at the end of the script my sub routine that gets the virus name and defines if the virus should be discarded, without backuping nor warning sender, recip and admin ###### SNAP ###### # # Sub routine to get the virus name, and define if it should or not be ignored # sub getVirus() { # Obtain the virus name open (OUTPUT,">> /var/tmp/output$VIRUSFILE"); print OUTPUT "$output"; close (OUTPUT); open (OUTPUT,"/var/tmp/output$VIRUSFILE"); while (<OUTPUT>){ if ( $_ =~ /Found/ ) { $_ =~ s/\s+Found the\s+//; $_ =~ s/\s+virus \!\!\!\s+//; $VIRUSFOUND = $_; } } close (OUTPUT); unlink ("/var/tmp/output$VIRUSFILE"); # If the virus that was found is defined # in @VIRUSLIST set $IGNOREVIRUS = "yes" # to ignore it, without backuping or warning for ( my $i = 0; $i < @VIRUSLIST; $i++){ if ( $VIRUSFOUND =~ /$VIRUSLIST[$i]/ ){ $IGNOREVIRUS = "yes" } } } ###### END OF SNAP ###### Finally, I added some conditions in the do_virus(@) sub routine to manage this things I also added a couple of lines in the routines that send the warning mails, to include in them tha name of the virus that was found, but that is something more of personal like, so I don't include it here.. ###### SNAP ###### sub do_virus(@) { my $output = shift; # If a virus is found # First we quarantine the original email messages if ($TESTING ne "yes") { # Call sub routine to get the virus name # and define with $IGNOREVIRUS if ignore it or not getVirus(); # If defined to backup, and the mail has a valid sender then make the backup if ($virusbackup eq "yes" && $IGNOREVIRUS eq "no") { `mv $TEMPDIR/email.txt $QUARANTINE/$VIRUSFILE`; do_debug("Virus quarantined as $VIRUSFILE\n"); do_log("Virus found - quarantined as $VIRUSFILE"); } else { do_log("Virus found - not quarantined"); } # If the mail has a valid sender then notify if ( $IGNOREVIRUS eq "no" ){ # Virus tiene remitente valido # asi que notifico # Then we send email warn_sender(); # warn_recip() is disabled by default because of possible # problems with mailing lists. Enable only if you know what # you're doing! warn_recip(); # Notify admin warn_admin($output); } # Finally, we bounce the message or pretend everything was okay, # depending on the MTA do_exit($VIRUSERR, __LINE__); } else { do_exit(2, __LINE__); } } ###### END OF SNAP ###### cheers juaid :) ----- Original Message ----- From: "juaid" <ju...@fa...> To: <ama...@li...> Sent: Wednesday, March 28, 2001 11:14 AM Subject: Re: [AMaViS-user] Missing "To" {recipient} info... That's right, one of those virus is the famous snowhite, but in these days I've seen 2 more that act the same way.. What I did, is I made a subrutine that looks for the name of the virus found. Then if it matches one of the viruses in my list, it does not backup it, nor even warn admin, recipient or sender. If you want I can send you the code.. it could be coded better, I made it a bit in a hurry and I haven't programmed in Perl for some time, so I have forgotten how to do some things in better ways, but it works well. just tell me if you want it juaid :) ----- Original Message ----- From: "Klaus Muth" <mu...@ha...> To: <ste...@kn...> Cc: <ama...@li...> Sent: Wednesday, March 28, 2001 4:04 AM Subject: Re: [AMaViS-user] Missing "To" {recipient} info... ste...@kn... wrote: > > Hello AMaVis users, > > I have recently installed AMaViS 0.2.1 on Solaris 2.6 with Sendmail 8.8.5/8.6.11 > and it seems to be working nicely with Sophos Anti-Virus (once I also installed > gawk and Gnu findutils) except that it seems to leave out the details on the > original recipient when a virus is detected... Seems, You have caught Hybris. Hybris has its own SMTP client and sends itself witout any other help of the system (besides opening a network connection). Result is a empty header. > Does anyone have an idea what the problem might be here? > Any help is appreciated, please reply directly to ste...@kn... . No help needed. The sender cannot be warned in other ways than finding the IP address in the header and informing the ISP. klaus -- Klaus Muth HAGOS eG Industriestr. 62 fon: (+49) 711 78805-86 EDV-Programmierung 70565 Stuttgart fax: (+49) 711 78805-35 http://www.hagos.de Germany mailto:mu...@ha... _______________________________________________ AMaViS-user mailing list AMa...@li... http://lists.sourceforge.net/lists/listinfo/amavis-user _______________________________________________ AMaViS-user mailing list AMa...@li... http://lists.sourceforge.net/lists/listinfo/amavis-user |