Almost all of us here are using Rules.ima file to filter out the unsafe attachments like .pif, .scr, etc. Since there can be false positives too, we usually forward the suspected messages to a particular mailbox (say VirusBox) instead of deleting (NULling) them. We use info manager to respond back to the sender.
The problem here is that the culprit message can not be identified to the sender in the response mail. This is the requirement someone was looking for on this list a few days back. Here is what I did: Instead of having a mailbox "VirusBox", I created a program alias named VirusBox. The rules.ima forwards the suspected messages to "VirusBox". Each user has a VirusBox.fwd in his mail folder which contains "[EMAIL PROTECTED]". The program alias VirusBox calls a batch file (.CMD). The contents of this file are: P:\perl\bin\perl Z:\MailVirusResponder\responder.pl %1 del %1 The file responder.pl is as: ------------------------------------------------------------- use Mail::SendMail; $msgfile = $ARGV[0]; open (MSGFILE, "<$msgfile"); while (<MSGFILE>) { $header .= $_; chomp; # Deletes trailing newline character. if (/^From: ([^<]*)<?([^>]*)>?/) { my $s1 = $1; my $s2 = $2; $from = $s2; if ($s2) { $from = $s2; } else { $from = $s1; } next; } if (/^Subject: (.*)$/) { $subject = $1; next; } if (/^$/) { last; } } close (MSGFILE); if ($from =~ /\@/) { $sm = new SendMail("mail.mydomain.com"); # $sm->setDebug($sm->ON); $sm->From("Virus Monitor <postmaster\@mydomain.com>"); $sm->Subject("Virus Alert : $subject"); $sm->To("$from <$from>"); $sm->Cc("Postmaster <postmaster\@mydomain.com>"); $msgbody = "$from sent a message that possibly contains virus.\n"; # $msgbody .= "The culprit message is attached for your information\n\n"; $msgbody .= "This message was not delivered to the intended user(s) on this server.\n"; $msgbody .= "Kindly get your computer scanned for probable virus infection.\n\n"; $msgbody .= "If you sent a message with an executable attachment (exe, bat, scr, pif, etc.), "; $msgbody .= "please note that we consider such files (including vbscripts and javascripts) "; $msgbody .= "as a potential virus threat and thus do not accept them.\n\n"; $msgbody .= "Regards,\n<postmaster\@mydomain.com>\n\n"; $msgbody .= "For your information, here is the complete header of the culprit message:\n\n$header"; $sm->setMailBody("$msgbody"); # $sm->Attach("$msgfile"); if ($sm->sendMail() != 0) { print $sm->{'error'}."\n"; exit -1; } print "Done\n\n"; exit 0; } ------------------------------------------------------------------ I have used Perl as I had perl book handy (I am not good in programming). But I am sure any other programming language could be used as well. The perl script uses sendmail.pm which I downloaded from internet. I am sending only headers of the original message to the user, but complete message could be sent as an attachment by uncommenting the appropriate lines in the code. I have tested the setup and seems to be working for me. If anyone finds any bug/problem with this code/setup or has any suggestion, kindly let me know. Thank you. _________________ Ajay Tikoo Zerowait Computers Inc. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/