Hello Markus,

Thank you for your contribution. I'm releasing the hold messages using a
program alias in IMail, so the recipients could just send an email to
the alias address to unblock the email. Following is the little cmd
script, as you can see it uses some of the GNU tools for Win32 that you
could find at http://unxutils.sourceforge.net/

I found it very useful in cases where the end user has access to email
but not the web.

I know that it would have been better to write it in VB script, Perl or
another language, but I don't have skills in those and besides it's
working quite well as a batch file. :-)

As you have discovered, when multiple recipients are in place, if one of
them sends the request, the message is released for all of them. In my
opinion I consider it as a minor glitch.

From now on all my vulnerabilities hold notifications will have both
options, send an email to our program alias and the link to your asp
code.

Where are you from? I'm in Bolivia - South America.

Adolfo Justiniano
Santa Cruz BBS
e-mail: [EMAIL PROTECTED]
http://www.scbbs.net

<<< unblock_email.cmd >>>

@echo off
setlocal
rem Paths
set holdpath=d:\imail\spool\virus
set spoolpath=d:\imail\spool
set imailpath=c:\imail
rem The following lines get the sender's address to send the confirmation
rem if the message has several from: it uses the one that is at the top (headers)
grep -i "from:" %1|gawk "{for (i=2;i<NF+1;i++)print NR,$i}"|grep "@"|grep "1 "|cut -d "<" -f 2-|cut -d ">" -f 1 >%1.1
for /f %%i in (%1.1) do set sender=%%i
rem The following lines get the message's subject that is where the sender should send the spool name
grep -i "subject:" %1|gawk "{print NR,$0}"|grep "1 "|cut -d ":" -f 2->%1.1
for /f "delims=" %%i in (%1.1) do set subject=%%i
rem The following lines get just the spool name without the leading D, needed to process the D* and the Q* files
rem it also gets rid of any * or ? that a malicious user could have included (Does your ASP code have provision for that?)
grep -i ".smd" %1.1|cut -d "D" -f 2-|grep -v "*"|grep -v "?">%1
for /f %%i in (%1) do set message=%%i
rem Deletes the file passed by IMail and the work file
del %1
del %1.1
rem If the Subject doesn't have a valid spool name or if any of the files doesn't exist go to the error label
if "%message%"=="" goto error
if not exist %holdpath%\D%message% goto error
if not exist %holdpath%\Q%message% goto error
rem Move the files back to the queue
move /Y %holdpath%\D%message% %spoolpath%
move /Y %holdpath%\Q%message% %spoolpath%
rem Send success confirmation. In unblock_email_success.txt write a small text confirming the unblock.
%imailpath%\imail1 -f %imailpath%\unblock_email_success.txt -s "E-mail unblocked:%subject%" -t "%sender%" -u [EMAIL PROTECTED]
goto end
:error
rem Send failure message. In unblock_email_error.txt write a text explaining what mistakes the user could have made
%imailpath%\imail1 -f %imailpath%\unblock_email_error.txt -s "Error while unblocking E-mail:%subject%" -t "%sender%" -u [EMAIL PROTECTED]
:end
endlocal

<<< End >>>

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Wednesday, March 05, 2003 1:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Vulnerabilities explained


BTW: I've attached to this mail a short ASP-Script that requeues a
spoolfile from the virus folder.

Simply set a link in your vulnerability.eml file to

http://www.yourdomain.com/requeue.asp?id=%QUEUENAME%

The recipient of the vuln.warning can simply click on this link to
requeue the hold message.

Note: the anonymous user of this web (IIS) must have read/write access
to declude virus and Imail spoolfolder.

Markus

---
[This E-mail was scanned for viruses by the Santa Cruz BBS anti-virus system]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
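
The unblock_email.cmd script above takes the spool name from the Subject of an incoming e-mail and filters out only * and ?. As an added example (not part of the original messages, and not Declude or IMail code), here is the same step written in Python as an allowlist check that also confirms both files resolve inside the hold folder before anything is moved. The spool-name pattern, the function names and the sample message are assumptions.

```python
import re
import shutil
from email import message_from_string
from email.utils import parseaddr
from pathlib import Path

# Assumed name shape: "D" + 1-32 letters/digits + ".smd". Adjust to your spool.
SPOOL_RE = re.compile(r"\bD([0-9A-Za-z]{1,32}\.smd)\b", re.IGNORECASE)


def parse_request(raw):
    """Return (sender, spool_id); spool_id is None unless the Subject
    contains a well-formed spool name (no wildcards, no path separators)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    match = SPOOL_RE.search(msg.get("Subject", ""))
    return sender, (match.group(1) if match else None)


def release(hold_dir, spool_dir, spool_id):
    """Move the D/Q pair for spool_id from hold_dir to spool_dir.
    Returns False, moving nothing, if either file is missing or would
    resolve outside hold_dir."""
    hold = Path(hold_dir).resolve()
    pair = [(hold / (prefix + spool_id)).resolve() for prefix in "DQ"]
    if any(f.parent != hold or not f.is_file() for f in pair):
        return False
    for f in pair:
        shutil.move(str(f), str(Path(spool_dir) / f.name))
    return True


# Constructed sample request (not real mail).
SAMPLE = (
    "From: Ana <ana@example.test>\n"
    "Subject: Re: held message D1a2b3c4d.smd\n"
    "\n"
    "Please release it.\n"
)

if __name__ == "__main__":
    print(parse_request(SAMPLE))
```

Because the name is matched against a fixed pattern instead of having bad characters stripped, anything the pattern does not describe (wildcards, separators, drive letters) is rejected without needing its own rule.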
