Almost all of us here are using Rules.ima file to filter out the unsafe
attachments like .pif, .scr, etc. Since there can be false positives
too, we usually forward the suspected messages to a particular mailbox
(say VirusBox) instead of deleting (NULling) them. We use info manager
to respond back to the sender.
The problem here is that the culprit message can not be identified to
the sender in the response mail. This is the requirement someone was
looking for on this list a few days back.
Here is what I did:
Instead of having a mailbox "VirusBox", I created a program alias named
VirusBox. The rules.ima forwards the suspected messages to "VirusBox".
Each user has a VirusBox.fwd in his mail folder which contains
"[EMAIL PROTECTED]".
The program alias VirusBox calls a batch file (.CMD). The contents of
this file are:
P:\perl\bin\perl Z:\MailVirusResponder\responder.pl %1
del %1
The file responder.pl is as:
-------------------------------------------------------------
use Mail::SendMail;
$msgfile = $ARGV[0];
open (MSGFILE, "<$msgfile");
while (<MSGFILE>) {
$header .= $_;
chomp; # Deletes trailing newline character.
if (/^From: ([^<]*)<?([^>]*)>?/) {
my $s1 = $1;
my $s2 = $2;
$from = $s2;
if ($s2) {
$from = $s2;
} else {
$from = $s1;
}
next;
}
if (/^Subject: (.*)$/) {
$subject = $1;
next;
}
if (/^$/) {
last;
}
}
close (MSGFILE);
if ($from =~ /\@/) {
$sm = new SendMail("mail.mydomain.com");
# $sm->setDebug($sm->ON);
$sm->From("Virus Monitor <postmaster\@mydomain.com>");
$sm->Subject("Virus Alert : $subject");
$sm->To("$from <$from>");
$sm->Cc("Postmaster <postmaster\@mydomain.com>");
$msgbody = "$from sent a message that possibly contains virus.\n";
# $msgbody .= "The culprit message is attached for your
information\n\n";
$msgbody .= "This message was not delivered to the intended user(s)
on this server.\n";
$msgbody .= "Kindly get your computer scanned for probable virus
infection.\n\n";
$msgbody .= "If you sent a message with an executable attachment
(exe, bat, scr, pif, etc.), ";
$msgbody .= "please note that we consider such files (including
vbscripts and javascripts) ";
$msgbody .= "as a potential virus threat and thus do not accept
them.\n\n";
$msgbody .= "Regards,\n<postmaster\@mydomain.com>\n\n";
$msgbody .= "For your information, here is the complete header of the
culprit message:\n\n$header";
$sm->setMailBody("$msgbody");
# $sm->Attach("$msgfile");
if ($sm->sendMail() != 0) {
print $sm->{'error'}."\n";
exit -1;
}
print "Done\n\n";
exit 0;
}
------------------------------------------------------------------
I have used Perl as I had perl book handy (I am not good in
programming).
But I am sure any other programming language could be used as well.
The perl script uses sendmail.pm which I downloaded from internet.
I am sending only headers of the original message to the user, but
complete message could be sent as an attachment by uncommenting the
appropriate lines in the code.
I have tested the setup and seems to be working for me. If anyone finds
any bug/problem with this code/setup or has any suggestion, kindly let
me know.
Thank you.
_________________
Ajay Tikoo
Zerowait Computers Inc.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
