[Glastonbury] Sobig.F filter
Martin Wheeler
glastonbury at mailman.lug.org.uk
Thu Aug 21 22:30:01 2003
The following has just been published on debian-isp; I'm forwarding it to
this list in case it is of use to anyone:
***************************************************************************=
**
Hi all,
here: http://www.heise.de/security/news/meldung/39589 (german) you can find=
a
simple filter for sendmail (below) and exim. Now I'd like to know how to
integrate that into sendmail.cf or better sendmail.mc and an external file =
so
I can integrate it as a FEATURE or something.
Of course they, as well as me, don't give any warranty for this code.
TIA,
=09S=F6nke
Oh and sorry if this is way OT for this group.
----------------------------------------------
LOCAL_CONFIG Kstorage macro
LOCAL_RULESETS
HX-MailScanner: $>+CheckDateXMSc
D{SobigFPat}Found to be clean
D{SobigFMsg}This message may contain the Sobig.F virus.
SCheckDateXMSc
R${SobigFPat} $* $: $(storage {SobigFCheck} $@ SobigF $) $1
R$* $@ OK
HMessage-Id: $>CheckMessageId
SCheckMessageId
# Record the presence of the header
R$* $: $(storage {MessageIdCheck} $@ OK $) $1
R$* $@ OK
Scheck_eoh
# Check the macro
R$* $: < $&{MessageIdCheck} >
# Clear the macro for the next message
R$* $: $(storage {MessageIdCheck} $) $1
R< $+ > $@ $>ClearSobig
R$* $: < $&{SobigFCheck} >
R$* $: $(storage {SobigFCheck} $) $1
R< SobigF > $#error $: 553 ${SobigFMsg}
R$* $@ OK
SClearSobig
R$* $: $(storage {SobigFCheck} $) $1
R$* $@ OK
**************************************************************************
--=20
Martin Wheeler - StarTEXT / AVALONIX - Glastonbury - BA6 9PH - England
msw@startext.demon.co.uk http://startext.demon.co.uk/
GPG pub key : 8D6B948B ECC6 D98E 4CC8 60E3 7E32 D594 BB27 3368 8D6B 948B
- Share your knowledge. It's a way of achieving immortality. -