Hi,
I'll post it to the list, because virus-checking has often been an issue
here before...
find below my /var/MailRoot/avfilter/filter.pl with German and English
Virus-reports for the sender and the addressee. First, every mail is
filtered by Antivir ... if antivir says, there's no virus, the mail
will be filtered by Trendmicro's viruswall, too.
--snip--
#!/usr/bin/perl
use strict;
my $fileName = $ARGV[0];
my $dirName = "$fileName.scan/";
my $sender = $ARGV[1];
my $rcpt = $ARGV[2];
mkdir($dirName, 0777);
system("/var/MailRoot/avfilter/ripmime -d $dirName -i $fileName");
my $retCode = system("/usr/bin/antivir -z -s $dirName/* > $fileName".".report");
$retCode /= 256;
my @report;
if ($retCode != 0) {
open(IN, "$fileName".".report");
@report = <IN>;
close(IN);
system('rm', "$fileName".".report");
} else {
$retCode = system("/etc/iscan/vscan $dirName/* > $fileName".".report");
$retCode /= 256;
if ($retCode != 0) {
open(IN, "$fileName".".report");
@report = <IN>;
close(IN);
system('rm', "$fileName".".report");
}
}
system('rm', '-r', $dirName);
if ($retCode!=0) {
my $postmaster = '[EMAIL PROTECTED]';
open(MAIL, "|/usr/lib/sendmail -t");
print MAIL<<END;
To: $sender
From: $postmaster
Subject: Vorsicht, Virus!
Hallo, (see English text below)
Ihre Nachricht an $rcpt wurde abgelehnt!
Unser Viren-Scanner hat einen VIRUS in Ihrer eMail entdeckt.
Ihre eMail wurde gestoppt. Der Empfänger wurde benachrichtigt.
Bitte überprüfen Sie Ihr System, und senden Sie die Nachricht
erneut. Vielen Dank!
END
open(MAIL2, "|/usr/lib/sendmail -t");
print MAIL2<<END;
To: $rcpt
From: $postmaster
Subject: Virus abgefangen!
Hallo, (see English text below)
eine Nachricht an $rcpt wurde abgelehnt!
Der Absender mit der Adresse $sender hat
versucht Ihnen einen Virus zu schicken. Dieser wurde von unserem
System für Sie abgefangen und unschädlich gemacht.
END
for my $i(0..$#report) {
if ($report[$i]=~/VIRUS\: file contains code of the virus \'(.+)\'/) {
print MAIL "AntiVir hat den Virus '$1' entdeckt!\n";
print MAIL2 "AntiVir hat den Virus '$1' entdeckt!\n";
} elsif ($report[$i]=~/\*\*\* Found virus (.+) in/) {
print MAIL "Die Trendmicro Viruswall hat den Virus '$1' entdeckt!\n";
print MAIL2 "Die Trendmicro Viruswall hat den Virus '$1' entdeckt!\n";
}
}
print MAIL<<END;
Wir leisten Antivirus-Hilfe unter: Tel. +49 1908 34697
(Technische Hotline von top concepts für EUR 1.86 pro Minute)
Um Sie zukünftig vor Virusbefall in dieser Art zu schützen,
können wir Ihnen eine gesicherte Mailbox auf unserem Server
anbieten. Dadurch werden eingehende eMails für Sie auf Viren
gefiltert, BEVOR diese überhaupt Ihren Rechner erreichen.
Dabei kommen zwei professionelle Antivirus-Programme für Sie
gleichzeitig zum Einsatz: AntiVir und die Trendmicro Viruswall.
Sollte dies für Sie interessant sein, so wenden Sie sich bitte
an Ihren city-map Partner vor Ort (siehe http://www.city-map.ag)
oder an top concepts in Stade, http://www.topconcepts.de
Dem Thema Sicherheit haben wir eine eigene Webseite gewidmet,
die Sie unter http://www.sicherinsnetz.de aufrufen können.
END
print MAIL2<<END;
--
Hello,
a message to $rcpt was rejected!
The sender with the address $sender has
tried to send you a virus. The virus was detected by our system
and has been destroyed before your system could be infected.
END
print MAIL<<END;
--
Hello,
Your message to $rcpt was rejected!
Our eMail-server has detected a VIRUS in your eMail!
Your eMail has been stopped. The addressee has been notified.
Please check your system for viruses and try to send your
message again. Thank you!
END
for my $i(0..$#report) {
if ($report[$i]=~/VIRUS\: file contains code of the virus \'(.+)\'/) {
print MAIL "AntiVir found code of the virus '$1'!\n";
print MAIL2 "AntiVir found code of the virus '$1'!\n";
} elsif ($report[$i]=~/\*\*\* Found virus (.+) in/) {
print MAIL "The Trendmicro Viruswall found code of the virus: '$1'!\n";
print MAIL2 "The Trendmicro Viruswall found code of the virus: '$1'!\n";
}
}
my $signatur=<<END;
--
Mit freundlichem Gruß / Kind regards
Virus-protected eMail-server at mail.city-map.de
top concepts Internetmarketing GmbH
Am Steinkamp 7 - D-21684 Stade - Germany
--------------------------------------------------------
http://www.topconcepts.com Tel. +49 4141 991230
mail: info\@topconcepts.com Fax. +49 4141 991233
--------------------------------------------------------
Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
--------------------------------------------------------
24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
--------------------------------------------------------
END
print MAIL $signatur;
print MAIL2 $signatur;
close(MAIL);
close(MAIL2);
exit 97;
}
system('rm', "$fileName".".report");
exit 0;
--snip--
This is how to setup a [EMAIL PROTECTED] file:
"/var/MailRoot/avfilter/filter.pl" "@@FILE" "@@FROM" "@@RCPT"
have a nice day
Kind regards
Henrik Steffen
Geschäftsführer
top concepts Internetmarketing GmbH
Am Steinkamp 7 - D-21684 Stade - Germany
--------------------------------------------------------
http://www.topconcepts.com Tel. +49 4141 991230
mail: [EMAIL PROTECTED] Fax. +49 4141 991233
--------------------------------------------------------
24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
--------------------------------------------------------
System-Partner gesucht: http://www.franchise.city-map.de
--------------------------------------------------------
Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
--------------------------------------------------------
----- Original Message -----
From: "Jeff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 02, 2002 2:41 PM
Subject: [xmail] Re: Using SpamCop
>
> Can you provide more info (off this list [EMAIL PROTECTED], as this
> list is probably more for xmail stuff ). I have tried implementing
> amavis but that has used up about 2 weeks of my time and I still
> haven't gotten it implemented correctly.
>
>
> --
> Jeff Jarchow
> QCI Internet
> http://www.qcinet.net/
>
>
> >
> > why not use an antivirus tool for linux with xmail?
> >
> > we are using both trendmicro viruswall and h+b edv's antivir
> (www.antivir.de)
> > in a cascading virus-check perl-script which works excellent.
> >
> >
> > Mit freundlichem Gruß
> >
> > Henrik Steffen
> > Geschäftsführer
> >
> > top concepts Internetmarketing GmbH
> > Am Steinkamp 7 - D-21684 Stade - Germany
> > --------------------------------------------------------
> > http://www.topconcepts.com Tel. +49 4141 991230
> > mail: [EMAIL PROTECTED] Fax. +49 4141 991233
> > --------------------------------------------------------
> > 24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
> > --------------------------------------------------------
> > System-Partner gesucht: http://www.franchise.city-map.de
> > --------------------------------------------------------
> > Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
> > --------------------------------------------------------
> >
> > ----- Original Message -----
> > From: "Jeff" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, August 02, 2002 2:31 PM
> > Subject: [xmail] Re: Using SpamCop
> >
> >
> > >
> > > I just have to get in on this discussion. As I agree and disagree
> with
> > > some comments from others.
> > >
> > > I run an internet service with about 1000 users. I have my email
> > > posted all over my web site so that my customers, and potential new
> > > business can reach me. I have to be VERY careful on who I blacklist
> > > for spam. I can just start putting in ip ranges or domains names.
> As
> > > an ISP, I know that every once in a blue moon somebody pulls a fast
> > > one on me and signs up for my service and sends out about a good
> 50 to
> > > 60 thousand messages. Now I don't want my domain name or IP ranges
> > > blacklisted beacause of this on guy.
> > >
> > > I am currenty running red hat using sendmail and qpopper. I want to
> > > swith to xmail for easier for two major reasons: 1) I will be on
> > > windows, which is where this particular application should be, and
> 2)
> > > I can easier implement virus protection. Unfortunately, there is
> one
> > > major thing holding me back, SPAMASSASSIN. This program works like
> a
> > > dream to fight spam. I normally get about 70 to 80 Spams a day, but
> > > with SpamAssassin, this is cust down to about 2 or 3.
> > >
> > > For those of you that aren't familiar with it, SpamAssassin works
> on a
> > > ranking system and performs a number of checks on incoming mail,
> based
> > > on the score, it can determine whether a message is spam. It works
> > > VERY WELL. The only problem, it has not been ported to windows.
> > >
> > > I here that DeerSoft has ported this to windows but only for the
> > > client side and not the server. I guess I may just have to bite the
> > > bullet and go to which is more important, and right now that is
> Virus
> > > Filtering.
> > >
> > > Any comments anyone, or any other windows spam solutions.
> > >
> > >
> > > --
> > > Jeff Jarchow
> > > QCI Internet
> > > http://www.qcinet.net/
> > >
> > > >
> > > > Does anyone know of a spam blacklist that lists domains/servers
> > > rather
> > > > than IP ranges? I think that while it may be a bit less
> effective,
> > > it
> > > > will lower the amout of complaints all in all.
> > > >
> > > > Oh, and can XMail interface with such lists?
> > > >
> > > > Henrik Steffen wrote:
> > > >
> > > > >Dear Peter,
> > > > >
> > > > >this is of course exactly my opinion. But talking about the -
> > > > >in German so-called "DAU" (dümmster anzunehmender User - most
> stupid
> > > > >user one can imagine) the DAU will in 98 % of the cases contact
> US,
> > > > >because OUR email-address doesn't work, and still for the DAU
> most
> > > of the other
> > > > >addresses world-wide work. So they think it's our fault - and
> it's
> > > quite
> > > > >hard to convince them that it's the fault of THEIR provider and
> > > they'll have
> > > > >to contact him instead.
> > > > >
> > > > >Mit freundlichem Gruß
> > > > >
> > > > >Henrik Steffen
> > > > >Geschäftsführer
> > > > >
> > > > >top concepts Internetmarketing GmbH
> > > > >Am Steinkamp 7 - D-21684 Stade - Germany
> > > > >--------------------------------------------------------
> > > > >http://www.topconcepts.com Tel. +49 4141 991230
> > > > >mail: [EMAIL PROTECTED] Fax. +49 4141 991233
> > > > >--------------------------------------------------------
> > > > >24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
> > > > >--------------------------------------------------------
> > > > >System-Partner gesucht: http://www.franchise.city-map.de
> > > > >--------------------------------------------------------
> > > > >Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
> > > > >--------------------------------------------------------
> > > > >
> > > > >----- Original Message -----
> > > > >From: "Peter Lindeman" <[EMAIL PROTECTED]>
> > > > >To: <[EMAIL PROTECTED]>
> > > > >Sent: Thursday, August 01, 2002 11:15 PM
> > > > >Subject: [xmail] Re: Using SpamCop
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >>Henrik Steffen wrote:
> > > > >>
> > > > >>
> > > > >>
> > > > >>>and yes: we do still have complaints from people that can't
> send
> > > mail
> > > > >>>to us, or even worse: to our customers. We are hosting about
> 2.000
> > > > >>>mail-domains on our mailserver.
> > > > >>>
> > > > >>>
> > > > >>Well I think it is very simply. If a person can't mail he/she
> > > should
> > > > >>complain at their provider. They screwed up so they should fix
> the
> > > > >>troubles. This is the only way to fight spam. The more people
> use
> > > it
> > > > >>this way the earlier spam belongs to the past.
> > > > >>
> > > > >>--
> > > > >>Groeten,
> > > > >>Peter
> > > > >>
> > > > >>--
> > > > >>Diplomacy is the art of saying 'Nice doggie!'... till you can
> find
> > > a rock.
> > > > >>
> > > > >>---
> > > > >>--- Heb je een Sony Digital video camera ?
> > > > >>--- Kijk eens op http://www.dvin.org
> > > > >>--- Kijk ook op http://www.lindeman.org
> > > > >>--- ICQ 22383596
> > > > >>--- Uptime lindeman.org : 1 days, 6 hours and 10 minutes, 0
> users
> > > logged in.
> > > > >>
> > > > >>
> > > > >>-
> > > > >>To unsubscribe from this list: send the line "unsubscribe
> xmail" in
> > > > >>the body of a message to [EMAIL PROTECTED]
> > > > >>For general help: send the line "help" in the body of a
> message to
> > > > >>[EMAIL PROTECTED]
> > > > >>
> > > > >>
> > > > >>
> > > > >
> > > > >-
> > > > >To unsubscribe from this list: send the line "unsubscribe
> xmail" in
> > > > >the body of a message to [EMAIL PROTECTED]
> > > > >For general help: send the line "help" in the body of a message
> to
> > > > >[EMAIL PROTECTED]
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > > -
> > > > To unsubscribe from this list: send the line "unsubscribe xmail"
> in
> > > > the body of a message to [EMAIL PROTECTED]
> > > > For general help: send the line "help" in the body of a message
> to
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > > the body of a message to [EMAIL PROTECTED]
> > > For general help: send the line "help" in the body of a message to
> > > [EMAIL PROTECTED]
> > >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
> >
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
