Inflex mail scanner

Sun, 05 Oct 2003 05:56:35 -0700 

Redhat 7.2
Inflex mail scanner/sendmail

I am trying to block file extenstions. Now I find that some excel,word docs
are not getting through. here is how i blocked .bat, .scr etc. what am i
doing wrong?
Also, in the inflex directory I see a file with a extenstion I don't know.
".inflex.swn" any clues?


Now we can search through the resultant file/type list as

# generated from above, and we output the results to the

# BADFILES list.

#

testing

# Suggested by "Michael A. Dietz" <[EMAIL PROTECTED]>

#

# 17/04/2001-Phil Crooker - Improved Executable detection line

#

$file -f $filelist > $fileresults



${cut} -d: -f2 $fileresults | ${grep} "AVI" >> ${typebadfileslog}

${cut} -d: -f2 $fileresults | ${grep} "MPEG" >> {typebadfileslog}

${cut} -d: -f2 $fileresults | ${grep} "WAVE" >> {typebadfileslog}

else

printf "Type scanning off.\n" >> ${locallog}

fi

#

# If any files tested positive in the above magic/name tests

# then the badfileslist will be bigger than 0-bytes

# Hence if so, set the scan status to say so!

#

if [ -s ${typebadfileslog} ]

then

filetypescan=1

lresult=1

emailblocked=1

cat ${typebadfileslog} >> ${badfileslog}

else

filetypescan=0

fi

if [ $emailblocked -eq 0 ]; then

if [ "a${scanforfilename}" != "an" ]

then

#

# Next we also scan for actual file names

# This is VERY useful for if there is a know file that contains

# a virus, but alas, our virus scanner can't pick it up

#

# 1.0.3 - changed -iname to $find_flags, this is to increase

# portability between OS's, as some find implemtations only take

# -name rather than -iname (ie, FreeBSD)

#

cat $filelist | ${grep} -Ei "*.mp3" >> ${namebadfileslog}

cat $filelist | ${grep} -Ei "*.vbs" >> ${namebadfileslog}

cat $filelist | ${grep} -Ei "\....\....$" >> ${namebadfileslog}

cat $filelist | ${grep} -Ei "*.bat" >> ${namebadfileslog}

cat $filelist | ${grep} -Ei "*.pif" >> ${namebadfileslog}

cat $filelist | ${grep} -Ei "*.scr" >> ${namebadfileslog}

cat $filelist | ${grep} -Ei "*.com" >> ${namebadfileslog}




-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Reply via email to