This looks good. But I was under the ipression that emais had to be unencoded and sometimes unzip/tarred/gzipped/etc. before scanning them. Maybe not true. Are you finding that virus scanners will detect viruses in just about any emails? If so, this would be easy to setup with a quick procmail script on linux.
---- Jeff Jarchow QCI Internet http://www.qcinet.net/ ----- Original Message ----- From: "Henrik Steffen" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 02, 2002 9:02 AM Subject: [xmail] Re: Using SpamCop > > > Hi, > > I'll post it to the list, because virus-checking has often been an issue > here before... > > find below my /var/MailRoot/avfilter/filter.pl with German and English > Virus-reports for the sender and the addressee. First, every mail is > filtered by Antivir ... if antivir says, there's no virus, the mail > will be filtered by Trendmicro's viruswall, too. > > --snip-- > #!/usr/bin/perl > > use strict; > > my $fileName = $ARGV[0]; > my $dirName = "$fileName.scan/"; > my $sender = $ARGV[1]; > my $rcpt = $ARGV[2]; > > mkdir($dirName, 0777); > system("/var/MailRoot/avfilter/ripmime -d $dirName -i $fileName"); > > my $retCode = system("/usr/bin/antivir -z -s $dirName/* > $fileName".".report"); > > $retCode /= 256; > > my @report; > > if ($retCode != 0) { > > open(IN, "$fileName".".report"); > @report = <IN>; > close(IN); > > system('rm', "$fileName".".report"); > > } else { > $retCode = system("/etc/iscan/vscan $dirName/* > $fileName".".report"); > $retCode /= 256; > > if ($retCode != 0) { > open(IN, "$fileName".".report"); > @report = <IN>; > close(IN); > system('rm', "$fileName".".report"); > } > } > > system('rm', '-r', $dirName); > > if ($retCode!=0) { > > my $postmaster = '[EMAIL PROTECTED]'; > > open(MAIL, "|/usr/lib/sendmail -t"); > print MAIL<<END; > To: $sender > From: $postmaster > Subject: Vorsicht, Virus! > > Hallo, (see English text below) > > Ihre Nachricht an $rcpt wurde abgelehnt! > > Unser Viren-Scanner hat einen VIRUS in Ihrer eMail entdeckt. > Ihre eMail wurde gestoppt. Der Empfänger wurde benachrichtigt. > > Bitte überprüfen Sie Ihr System, und senden Sie die Nachricht > erneut. Vielen Dank! > > END > open(MAIL2, "|/usr/lib/sendmail -t"); > print MAIL2<<END; > To: $rcpt > From: $postmaster > Subject: Virus abgefangen! > > Hallo, (see English text below) > > eine Nachricht an $rcpt wurde abgelehnt! > > Der Absender mit der Adresse $sender hat > versucht Ihnen einen Virus zu schicken. Dieser wurde von unserem > System für Sie abgefangen und unschädlich gemacht. > > END > > for my $i(0..$#report) { > if ($report[$i]=~/VIRUS\: file contains code of the virus \'(.+)\'/) { > print MAIL "AntiVir hat den Virus '$1' entdeckt!\n"; > print MAIL2 "AntiVir hat den Virus '$1' entdeckt!\n"; > } elsif ($report[$i]=~/\*\*\* Found virus (.+) in/) { > print MAIL "Die Trendmicro Viruswall hat den Virus '$1' entdeckt!\n"; > print MAIL2 "Die Trendmicro Viruswall hat den Virus '$1' entdeckt!\n"; > } > } > > print MAIL<<END; > > Wir leisten Antivirus-Hilfe unter: Tel. +49 1908 34697 > (Technische Hotline von top concepts für EUR 1.86 pro Minute) > > Um Sie zukünftig vor Virusbefall in dieser Art zu schützen, > können wir Ihnen eine gesicherte Mailbox auf unserem Server > anbieten. Dadurch werden eingehende eMails für Sie auf Viren > gefiltert, BEVOR diese überhaupt Ihren Rechner erreichen. > > Dabei kommen zwei professionelle Antivirus-Programme für Sie > gleichzeitig zum Einsatz: AntiVir und die Trendmicro Viruswall. > > Sollte dies für Sie interessant sein, so wenden Sie sich bitte > an Ihren city-map Partner vor Ort (siehe http://www.city-map.ag) > oder an top concepts in Stade, http://www.topconcepts.de > > Dem Thema Sicherheit haben wir eine eigene Webseite gewidmet, > die Sie unter http://www.sicherinsnetz.de aufrufen können. > END > > print MAIL2<<END; > > -- > > Hello, > > a message to $rcpt was rejected! > > The sender with the address $sender has > tried to send you a virus. The virus was detected by our system > and has been destroyed before your system could be infected. > > END > print MAIL<<END; > > -- > > Hello, > > Your message to $rcpt was rejected! > > Our eMail-server has detected a VIRUS in your eMail! > Your eMail has been stopped. The addressee has been notified. > > Please check your system for viruses and try to send your > message again. Thank you! > > END > for my $i(0..$#report) { > if ($report[$i]=~/VIRUS\: file contains code of the virus \'(.+)\'/) { > print MAIL "AntiVir found code of the virus '$1'!\n"; > print MAIL2 "AntiVir found code of the virus '$1'!\n"; > } elsif ($report[$i]=~/\*\*\* Found virus (.+) in/) { > print MAIL "The Trendmicro Viruswall found code of the virus: '$1'!\n"; > print MAIL2 "The Trendmicro Viruswall found code of the virus: '$1'!\n"; > } > } > > my $signatur=<<END; > > -- > > Mit freundlichem Gruß / Kind regards > > Virus-protected eMail-server at mail.city-map.de > > top concepts Internetmarketing GmbH > Am Steinkamp 7 - D-21684 Stade - Germany > -------------------------------------------------------- > http://www.topconcepts.com Tel. +49 4141 991230 > mail: info\@topconcepts.com Fax. +49 4141 991233 > -------------------------------------------------------- > Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563 > -------------------------------------------------------- > 24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc) > -------------------------------------------------------- > END > print MAIL $signatur; > print MAIL2 $signatur; > close(MAIL); > close(MAIL2); > > exit 97; > } > > system('rm', "$fileName".".report"); > > exit 0; > --snip-- > > > This is how to setup a [EMAIL PROTECTED] file: > > "/var/MailRoot/avfilter/filter.pl" "@@FILE" "@@FROM" "@@RCPT" > > > > have a nice day > > Kind regards > > Henrik Steffen > Geschäftsführer > > top concepts Internetmarketing GmbH > Am Steinkamp 7 - D-21684 Stade - Germany > -------------------------------------------------------- > http://www.topconcepts.com Tel. +49 4141 991230 > mail: [EMAIL PROTECTED] Fax. +49 4141 991233 > -------------------------------------------------------- > 24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc) > -------------------------------------------------------- > System-Partner gesucht: http://www.franchise.city-map.de > -------------------------------------------------------- > Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563 > -------------------------------------------------------- > > ----- Original Message ----- > From: "Jeff" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, August 02, 2002 2:41 PM > Subject: [xmail] Re: Using SpamCop > > > > > > Can you provide more info (off this list [EMAIL PROTECTED], as this > > list is probably more for xmail stuff ). I have tried implementing > > amavis but that has used up about 2 weeks of my time and I still > > haven't gotten it implemented correctly. > > > > > > -- > > Jeff Jarchow > > QCI Internet > > http://www.qcinet.net/ > > > > > > > > > > why not use an antivirus tool for linux with xmail? > > > > > > we are using both trendmicro viruswall and h+b edv's antivir > > (www.antivir.de) > > > in a cascading virus-check perl-script which works excellent. > > > > > > > > > Mit freundlichem Gruß > > > > > > Henrik Steffen > > > Geschäftsführer > > > > > > top concepts Internetmarketing GmbH > > > Am Steinkamp 7 - D-21684 Stade - Germany > > > -------------------------------------------------------- > > > http://www.topconcepts.com Tel. +49 4141 991230 > > > mail: [EMAIL PROTECTED] Fax. +49 4141 991233 > > > -------------------------------------------------------- > > > 24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc) > > > -------------------------------------------------------- > > > System-Partner gesucht: http://www.franchise.city-map.de > > > -------------------------------------------------------- > > > Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563 > > > -------------------------------------------------------- > > > > > > ----- Original Message ----- > > > From: "Jeff" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Friday, August 02, 2002 2:31 PM > > > Subject: [xmail] Re: Using SpamCop > > > > > > > > > > > > > > I just have to get in on this discussion. As I agree and disagree > > with > > > > some comments from others. > > > > > > > > I run an internet service with about 1000 users. I have my email > > > > posted all over my web site so that my customers, and potential new > > > > business can reach me. I have to be VERY careful on who I blacklist > > > > for spam. I can just start putting in ip ranges or domains names. > > As > > > > an ISP, I know that every once in a blue moon somebody pulls a fast > > > > one on me and signs up for my service and sends out about a good > > 50 to > > > > 60 thousand messages. Now I don't want my domain name or IP ranges > > > > blacklisted beacause of this on guy. > > > > > > > > I am currenty running red hat using sendmail and qpopper. I want to > > > > swith to xmail for easier for two major reasons: 1) I will be on > > > > windows, which is where this particular application should be, and > > 2) > > > > I can easier implement virus protection. Unfortunately, there is > > one > > > > major thing holding me back, SPAMASSASSIN. This program works like > > a > > > > dream to fight spam. I normally get about 70 to 80 Spams a day, but > > > > with SpamAssassin, this is cust down to about 2 or 3. > > > > > > > > For those of you that aren't familiar with it, SpamAssassin works > > on a > > > > ranking system and performs a number of checks on incoming mail, > > based > > > > on the score, it can determine whether a message is spam. It works > > > > VERY WELL. The only problem, it has not been ported to windows. > > > > > > > > I here that DeerSoft has ported this to windows but only for the > > > > client side and not the server. I guess I may just have to bite the > > > > bullet and go to which is more important, and right now that is > > Virus > > > > Filtering. > > > > > > > > Any comments anyone, or any other windows spam solutions. > > > > > > > > > > > > -- > > > > Jeff Jarchow > > > > QCI Internet > > > > http://www.qcinet.net/ > > > > > > > > > > > > > > Does anyone know of a spam blacklist that lists domains/servers > > > > rather > > > > > than IP ranges? I think that while it may be a bit less > > effective, > > > > it > > > > > will lower the amout of complaints all in all. > > > > > > > > > > Oh, and can XMail interface with such lists? > > > > > > > > > > Henrik Steffen wrote: > > > > > > > > > > >Dear Peter, > > > > > > > > > > > >this is of course exactly my opinion. But talking about the - > > > > > >in German so-called "DAU" (dümmster anzunehmender User - most > > stupid > > > > > >user one can imagine) the DAU will in 98 % of the cases contact > > US, > > > > > >because OUR email-address doesn't work, and still for the DAU > > most > > > > of the other > > > > > >addresses world-wide work. So they think it's our fault - and > > it's > > > > quite > > > > > >hard to convince them that it's the fault of THEIR provider and > > > > they'll have > > > > > >to contact him instead. > > > > > > > > > > > >Mit freundlichem Gruß > > > > > > > > > > > >Henrik Steffen > > > > > >Geschäftsführer > > > > > > > > > > > >top concepts Internetmarketing GmbH > > > > > >Am Steinkamp 7 - D-21684 Stade - Germany > > > > > >-------------------------------------------------------- > > > > > >http://www.topconcepts.com Tel. +49 4141 991230 > > > > > >mail: [EMAIL PROTECTED] Fax. +49 4141 991233 > > > > > >-------------------------------------------------------- > > > > > >24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc) > > > > > >-------------------------------------------------------- > > > > > >System-Partner gesucht: http://www.franchise.city-map.de > > > > > >-------------------------------------------------------- > > > > > >Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563 > > > > > >-------------------------------------------------------- > > > > > > > > > > > >----- Original Message ----- > > > > > >From: "Peter Lindeman" <[EMAIL PROTECTED]> > > > > > >To: <[EMAIL PROTECTED]> > > > > > >Sent: Thursday, August 01, 2002 11:15 PM > > > > > >Subject: [xmail] Re: Using SpamCop > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >>Henrik Steffen wrote: > > > > > >> > > > > > >> > > > > > >> > > > > > >>>and yes: we do still have complaints from people that can't > > send > > > > mail > > > > > >>>to us, or even worse: to our customers. We are hosting about > > 2.000 > > > > > >>>mail-domains on our mailserver. > > > > > >>> > > > > > >>> > > > > > >>Well I think it is very simply. If a person can't mail he/she > > > > should > > > > > >>complain at their provider. They screwed up so they should fix > > the > > > > > >>troubles. This is the only way to fight spam. The more people > > use > > > > it > > > > > >>this way the earlier spam belongs to the past. > > > > > >> > > > > > >>-- > > > > > >>Groeten, > > > > > >>Peter > > > > > >> > > > > > >>-- > > > > > >>Diplomacy is the art of saying 'Nice doggie!'... till you can > > find > > > > a rock. > > > > > >> > > > > > >>--- > > > > > >>--- Heb je een Sony Digital video camera ? > > > > > >>--- Kijk eens op http://www.dvin.org > > > > > >>--- Kijk ook op http://www.lindeman.org > > > > > >>--- ICQ 22383596 > > > > > >>--- Uptime lindeman.org : 1 days, 6 hours and 10 minutes, 0 > > users > > > > logged in. > > > > > >> > > > > > >> > > > > > >>- > > > > > >>To unsubscribe from this list: send the line "unsubscribe > > xmail" in > > > > > >>the body of a message to [EMAIL PROTECTED] > > > > > >>For general help: send the line "help" in the body of a > > message to > > > > > >>[EMAIL PROTECTED] > > > > > >> > > > > > >> > > > > > >> > > > > > > > > > > > >- > > > > > >To unsubscribe from this list: send the line "unsubscribe > > xmail" in > > > > > >the body of a message to [EMAIL PROTECTED] > > > > > >For general help: send the line "help" in the body of a message > > to > > > > > >[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > - > > > > > To unsubscribe from this list: send the line "unsubscribe xmail" > > in > > > > > the body of a message to [EMAIL PROTECTED] > > > > > For general help: send the line "help" in the body of a message > > to > > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > - > > > > To unsubscribe from this list: send the line "unsubscribe xmail" in > > > > the body of a message to [EMAIL PROTECTED] > > > > For general help: send the line "help" in the body of a message to > > > > [EMAIL PROTECTED] > > > > > > > > > > - > > > To unsubscribe from this list: send the line "unsubscribe xmail" in > > > the body of a message to [EMAIL PROTECTED] > > > For general help: send the line "help" in the body of a message to > > > [EMAIL PROTECTED] > > > > > > > > > > - > > To unsubscribe from this list: send the line "unsubscribe xmail" in > > the body of a message to [EMAIL PROTECTED] > > For general help: send the line "help" in the body of a message to > > [EMAIL PROTECTED] > > > > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]