Hello. I think produce to discussion some patch. It's contain
*1*. modified reply message for sendmail: 2004-04-01 02:10:24 sendmail[11026]: i2VLANKk011026: to=<xxxxxxxxxxxxx>, delay=00:00:01, pri=3 0539, stat=Exploit.HTML.Bagle.Gen-3-eml virus detected by ClamAV - http://www.clamav.net Initial code from Bryan Swanson, rewrited by Andrey J. Melnikoff reason: It message may be to see in DSN: ======= ----- The following addresses had permanent fatal errors ----- <xxxxxxxxxxxxx> (reason: 550 5.7.1 Worm.BugBear.B virus detected by ClamAV - http://www.clamav.net) ----- Transcript of session follows ----- ... while talking to xxxxxxxxxxxxxx: >>> DATA <<< 550 5.7.1 Worm.BugBear.B virus detected by ClamAV - http://www.clamav.net 554 5.0.0 Service unavailable ========= *2*. two modifications for E-Mail notification a) rfc-compatible received from local server: Received: from qwerty (qqq.eee.com [xx.xx.xx.xx]) by srv7.kraft-s.ru (clamav-milter 0.70c) with id i2VKJ6Tb015441; Thu, 01 Apr 2004 01:19:10 +0500 (SAMST) Received: From: [EMAIL PROTECTED] To: <[EMAIL PROTECTED]> Date: Wed, 31 Mar 2004 15:15:51 -0500 Subject: Delivery Failure: Re: Extended Mail X-Mailer: SurfControl E-mail Filter b) X-Infected-Received-From in header : X-Infected-Received-From: qqq.eee.com [xx.xx.xx.xx] first is a standart form of important data, second is very usable for sorting (for example by Sieve) *3*. improved (I think :-) ) logging with sendmail's Message Id in each line. It's usable for greping all data about message in maillog. The patch written for last CVS snapshot where compilation of clamav-milter is possible. Patch: http://hippo.ru/~asy/clamav/clamav-log-and-notify.patch snapshot (just in case): http://hippo.ru/~asy/clamav/clamav-20040328.tar.gz -- Regards, Sergey PS: sorry for my english :-( ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-devel
