debian mailscanner package with sophos
mark david mcCreary
mdm at INTERNET-TOOLS.COM
Mon Apr 29 00:36:05 IST 2002
I am trying to use the Debian Mailscanner package with Sophos Anti Virus.
My thanks to Julian Field for releasing Mailscanner and to Matthias
Klose for making it a Debian package.
I am interested in using Sophos without the Intercheck facility, so I
am compiling the Sophos package like this
tar -zxvf linux.intel.libc6.tar.Z
cd /usr/local/src/sav-install
./install.sh -ni -d /usr/local/Sophos -m /usr/share/man
My next step seems to be to tweak the
/etc/mailscanner/wrapper/sophoswrapper file, so that
SAV_IDE=$PackageDir/ide
becomes
SAV_IDE=$PackageDir/sav
Since I am not using the Intercheck feature, and do not have any ide directory.
It also looks like I need to tweak the
/etc/mailscanner/autoupdate/sophos file, but I am a bit confused.
I'm thinking that I want to bring down any new virus IDE files into
the /usr/local/Sophos/sav directory, where Sophos will then
automatically use these newly discovered virus signatures.
And this autoupdate/sophos file from the Debian package does not seem
to have been tweaked to fit Debian at this time.
If anybody has already tweaked this script for Debian, would you
please post it.
I'm also confused about these lines in the /etc/init.d/mailscanner
startup script
touch /var/lock/subsys/mailscanner
rm -f /var/lock/subsys/mailscanner
Is the subsys directory supposed to be in that path?
I also expanded the number of known poisoned file names, using data
from John Hardin's E-mail Sanitizer at
http://www.impsec.org/email-tools/procmail-security.html
My filename.rules.conf now looks like this
# These are well known viruses.
deny pretty\s+park\.exe$ "Pretty Park" virus "Pretty Park" virus
deny happy99.exe$ "Happy" virus "Happy" virus
deny .*romeo.exe$ E-mail Sanitizer E-mail Sanitizer
deny alyssa?s?here?.exe$ E-mail Sanitizer E-mail Sanitizer
deny amateurs.exe$ E-mail Sanitizer E-mail Sanitizer
deny anal.exe$ E-mail Sanitizer E-mail Sanitizer
deny anna.exe$ E-mail Sanitizer E-mail Sanitizer
deny anniv.doc$ E-mail Sanitizer E-mail Sanitizer
deny anti_cih.exe$ E-mail Sanitizer E-mail Sanitizer
deny anti_terrorism.exe$ E-mail Sanitizer E-mail Sanitizer
deny antivirus.exe$ E-mail Sanitizer E-mail Sanitizer
deny ants[0-9]+set.exe$ E-mail Sanitizer E-mail Sanitizer
deny aol4free.com$ E-mail Sanitizer E-mail Sanitizer
deny asian.exe$ E-mail Sanitizer E-mail Sanitizer
deny atchim.exe$ E-mail Sanitizer E-mail Sanitizer
deny avp_updates.exe$ E-mail Sanitizer E-mail Sanitizer
deny babylonia.exe$ E-mail Sanitizer E-mail Sanitizer
deny badass.exe$ E-mail Sanitizer E-mail Sanitizer
deny bar.exe$ E-mail Sanitizer E-mail Sanitizer
deny binladen_bra[sz]il.exe$ E-mail Sanitizer E-mail Sanitizer
deny black.exe$ E-mail Sanitizer E-mail Sanitizer
deny blancheneige.exe$ E-mail Sanitizer E-mail Sanitizer
deny blonde.exe$ E-mail Sanitizer E-mail Sanitizer
deny boys.exe$ E-mail Sanitizer E-mail Sanitizer
deny buhh.exe$ E-mail Sanitizer E-mail Sanitizer
deny celebrity?rape.exe$ E-mail Sanitizer E-mail Sanitizer
deny christmas.exe$ E-mail Sanitizer E-mail Sanitizer
deny cheerleader.exe$ E-mail Sanitizer E-mail Sanitizer
deny chocolate.exe$ E-mail Sanitizer E-mail Sanitizer
deny comical_story.doc$ E-mail Sanitizer E-mail Sanitizer
deny common.exe$ E-mail Sanitizer E-mail Sanitizer
deny compu_ma.exe$ E-mail Sanitizer E-mail Sanitizer
deny creative.exe$ E-mail Sanitizer E-mail Sanitizer
deny cum.exe$ E-mail Sanitizer E-mail Sanitizer
deny cumshot.exe$ E-mail Sanitizer E-mail Sanitizer
deny disk.exe$ E-mail Sanitizer E-mail Sanitizer
deny doggy.exe$ E-mail Sanitizer E-mail Sanitizer
deny dwarf4you.exe$ E-mail Sanitizer E-mail Sanitizer
deny emanuel.exe$ E-mail Sanitizer E-mail Sanitizer
deny enanito?fisgon.exe$ E-mail Sanitizer E-mail Sanitizer
deny enano.exe$ E-mail Sanitizer E-mail Sanitizer
deny enano?porno.exe$ E-mail Sanitizer E-mail Sanitizer
deny famous.exe$ E-mail Sanitizer E-mail Sanitizer
deny files.exe$ E-mail Sanitizer E-mail Sanitizer
deny fist-f?cking.exe$ E-mail Sanitizer E-mail Sanitizer
deny gay.exe$ E-mail Sanitizer E-mail Sanitizer
deny girls.exe$ E-mail Sanitizer E-mail Sanitizer
deny happy[0-9]+.exe$ E-mail Sanitizer E-mail Sanitizer
deny hardcore.exe$ E-mail Sanitizer E-mail Sanitizer
deny honey.exe$ E-mail Sanitizer E-mail Sanitizer
deny horny.exe$ E-mail Sanitizer E-mail Sanitizer
deny hot.exe$ E-mail Sanitizer E-mail Sanitizer
deny hottest.exe$ E-mail Sanitizer E-mail Sanitizer
deny i-watch-u.exe$ E-mail Sanitizer E-mail Sanitizer
deny ibmls.exe$ E-mail Sanitizer E-mail Sanitizer
deny ie0199.exe$ E-mail Sanitizer E-mail Sanitizer
deny ie[0-9]+.exe$ E-mail Sanitizer E-mail Sanitizer
deny images_zipped.exe$ E-mail Sanitizer E-mail Sanitizer
deny install*.exe$ E-mail Sanitizer E-mail Sanitizer
deny invoice.exe$ E-mail Sanitizer E-mail Sanitizer
deny javascript.exe$ E-mail Sanitizer E-mail Sanitizer
deny jesus.exe$ E-mail Sanitizer E-mail Sanitizer
deny joke.exe$ E-mail Sanitizer E-mail Sanitizer
deny kinky.exe$ E-mail Sanitizer E-mail Sanitizer
deny leather.exe$ E-mail Sanitizer E-mail Sanitizer
deny led.exe$ E-mail Sanitizer E-mail Sanitizer
deny lesbians.exe$ E-mail Sanitizer E-mail Sanitizer
deny list.doc$ E-mail Sanitizer E-mail Sanitizer
deny lovers.exe$ E-mail Sanitizer E-mail Sanitizer
deny luckey.exe$ E-mail Sanitizer E-mail Sanitizer
deny matcher.exe$ E-mail Sanitizer E-mail Sanitizer
deny messy.exe$ E-mail Sanitizer E-mail Sanitizer
deny missworld.exe$ E-mail Sanitizer E-mail Sanitizer
deny misworld.exe$ E-mail Sanitizer E-mail Sanitizer
deny mkcompat.exe$ E-mail Sanitizer E-mail Sanitizer
deny mmsn_offline.htm$ E-mail Sanitizer E-mail Sanitizer
deny ms[0-9-]+.exe$ E-mail Sanitizer E-mail Sanitizer
deny mwld.exe$ E-mail Sanitizer E-mail Sanitizer
deny mwrld.exe$ E-mail Sanitizer E-mail Sanitizer
deny nakedwife.exe$ E-mail Sanitizer E-mail Sanitizer
deny navidad.exe$ E-mail Sanitizer E-mail Sanitizer
deny ntkrnl.exe$ E-mail Sanitizer E-mail Sanitizer
deny oains.exe$ E-mail Sanitizer E-mail Sanitizer
deny oral.exe$ E-mail Sanitizer E-mail Sanitizer
deny orgy.exe$ E-mail Sanitizer E-mail Sanitizer
deny patch*.exe$ E-mail Sanitizer E-mail Sanitizer
deny path.xls$ E-mail Sanitizer E-mail Sanitizer
deny photos17.exe$ E-mail Sanitizer E-mail Sanitizer
deny picture.exe$ E-mail Sanitizer E-mail Sanitizer
deny pippo.exe$ E-mail Sanitizer E-mail Sanitizer
deny pleasure.exe$ E-mail Sanitizer E-mail Sanitizer
deny porkis.exe$ E-mail Sanitizer E-mail Sanitizer
deny pretty?park.exe$ E-mail Sanitizer E-mail Sanitizer
deny prettypark.exe$ E-mail Sanitizer E-mail Sanitizer
deny q[0-9][0-9][0-9]+.exe$ E-mail Sanitizer E-mail Sanitizer
deny qi_test.exe$ E-mail Sanitizer E-mail Sanitizer
deny quake4demo.exe$ E-mail Sanitizer E-mail Sanitizer
deny raquel?darian.exe$ E-mail Sanitizer E-mail Sanitizer
deny readme.exe$ E-mail Sanitizer E-mail Sanitizer
deny rede.exe$ E-mail Sanitizer E-mail Sanitizer
deny romeo.exe$ E-mail Sanitizer E-mail Sanitizer
deny sado.exe$ E-mail Sanitizer E-mail Sanitizer
deny sample.exe$ E-mail Sanitizer E-mail Sanitizer
deny seicho_no_ie.exe$ E-mail Sanitizer E-mail Sanitizer
deny serialz.hlp$ E-mail Sanitizer E-mail Sanitizer
deny setup*.exe$ E-mail Sanitizer E-mail Sanitizer
deny sex.exe$ E-mail Sanitizer E-mail Sanitizer
deny sexy.exe$ E-mail Sanitizer E-mail Sanitizer
deny shake.exe$ E-mail Sanitizer E-mail Sanitizer
deny si.exe$ E-mail Sanitizer E-mail Sanitizer
deny slut.exe$ E-mail Sanitizer E-mail Sanitizer
deny sm.exe$ E-mail Sanitizer E-mail Sanitizer
deny sodomized.exe$ E-mail Sanitizer E-mail Sanitizer
deny softwarekey.exe$ E-mail Sanitizer E-mail Sanitizer
deny sslpatch.exe$ E-mail Sanitizer E-mail Sanitizer
deny story.doc$ E-mail Sanitizer E-mail Sanitizer
deny suck.exe$ E-mail Sanitizer E-mail Sanitizer
deny sulfnbk.exe$ E-mail Sanitizer E-mail Sanitizer
deny suppl.doc$ E-mail Sanitizer E-mail Sanitizer
deny surprise!.exe$ E-mail Sanitizer E-mail Sanitizer
deny suzete.exe$ E-mail Sanitizer E-mail Sanitizer
deny teens.exe$ E-mail Sanitizer E-mail Sanitizer
deny update*.exe$ E-mail Sanitizer E-mail Sanitizer
deny upgrade*.exe$ E-mail Sanitizer E-mail Sanitizer
deny userconf.exe$ E-mail Sanitizer E-mail Sanitizer
deny virgins.exe$ E-mail Sanitizer E-mail Sanitizer
deny whatever.exe$ E-mail Sanitizer E-mail Sanitizer
deny wtc.exe$ E-mail Sanitizer E-mail Sanitizer
deny x-mas.exe$ E-mail Sanitizer E-mail Sanitizer
deny xena.exe$ E-mail Sanitizer E-mail Sanitizer
deny xuxa.exe$ E-mail Sanitizer E-mail Sanitizer
deny y2kcount.exe$ E-mail Sanitizer E-mail Sanitizer
deny yahoo.exe$ E-mail Sanitizer E-mail Sanitizer
deny yawsetup.exe$ E-mail Sanitizer E-mail Sanitizer
deny zacker.exe$ E-mail Sanitizer E-mail Sanitizer
deny zipped_files.exe$ E-mail Sanitizer E-mail Sanitizer
I'm not sure I have this set up exactly right, since one of my tests
returned a stored filename message, instead of the known virus
message I was expecting.
If anybody has any feedback or clues on using Sophos with the Debian
Mailscanner package, I would appreciate it.
Thanks
mark david mcCreary
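
An added illustration, not part of the original post and not MailScanner code: a small Python check of how filename rules like those posted above behave on sample attachment names, including the legitimate names they would also block. It assumes each pattern is searched anywhere in the name, case-insensitively, with the first matching rule winning; `first_match` and `harden` are hypothetical helpers and the sample filenames are constructed.

```python
import re

# Constructed sample: four rules copied from the post, split into the four
# fields visible there (action, pattern, log text, report text).
RULES = [
    ("deny", r"pretty\s+park\.exe$", '"Pretty Park" virus', '"Pretty Park" virus'),
    ("deny", r"hot.exe$", "E-mail Sanitizer", "E-mail Sanitizer"),
    ("deny", r"bar.exe$", "E-mail Sanitizer", "E-mail Sanitizer"),
    ("deny", r"install*.exe$", "E-mail Sanitizer", "E-mail Sanitizer"),
]


def first_match(filename, rules=RULES):
    """Return the pattern of the first rule that matches filename, else None.

    Assumption: each pattern is searched anywhere in the name,
    case-insensitively, and the first matching rule wins.
    """
    for _action, pattern, _log, _report in rules:
        if re.search(pattern, filename, re.IGNORECASE):
            return pattern
    return None


def harden(pattern):
    """Escape bare dots and anchor the pattern at the start of the name.

    Dots that are already escaped or that carry a quantifier (.*, .+, .?)
    are left alone, as are patterns that already start with ^ or .*
    """
    escaped = re.sub(r"(?<!\\)\.(?![*+?])", r"\\.", pattern)
    if escaped.startswith(("^", ".*")):
        return escaped
    return "^" + escaped


HARDENED = [(a, harden(p), log, rep) for a, p, log, rep in RULES]

if __name__ == "__main__":
    # Constructed attachment names: two intended hits, four edge cases.
    for name in ["Pretty  Park.EXE", "hot.exe", "snapshot.exe",
                 "toolbar.exe", "hotxexe", "install_v2.exe"]:
        print(f"{name!r}: as posted={first_match(name)!r}, "
              f"hardened={first_match(name, HARDENED)!r}")
```

Under these assumptions `hot.exe$` and `bar.exe$` also deny `snapshot.exe` and `toolbar.exe`, while the glob-style `install*.exe$` does not match `install_v2.exe`, because in a regular expression `l*` means "zero or more l". `harden` leaves that `*` as written.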