MailScanner feature request

David While David.While at UCE.AC.UK
Thu Sep 4 15:03:33 IST 2003


Certainly does - I'm just testing out a new version of mailstats which
makes use of this to add the sending IP address to the access table.
Once I'm happy I'll release it so that you can protect against the
Sobig.F onslaught!

I think the initial release will simply use the same system as spam
emails although in a future release I will add separate configuration so
that the message in the access file is different for viruses as well as
allowing different times for the IP to stay blocked.
-----------------------------------------------------------------
David While
Technical Development Manager
Faculty of Computing, Information & English
University of Central England
Tel: 0121 331 6211
-----------------------------------------------------------------



-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
Sent: 04 September 2003 14:41
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MailScanner feature request


If that does just what you are looking for, I'll add it into the main
code.

At 13:25 04/09/2003, you wrote:
>"Rose, Bobby" <brose at MED.WAYNE.EDU> wrote:
> >Is it possible to have MailScanner note the Sender IP in the logs for a
> >message that it finds a virus on.  That'll make it easier to pull out
> >the people that are pounding the heck out of MailScanner so that they can
> >just be blocked entirely.
>
>Try this patch which I posted recently, and add to MailScanner.conf
>         Log Infected IP Addresses = yes
>
>--- SweepViruses.pm     4 Jul 2003 19:13:31 -0000       1.10
>+++ SweepViruses.pm     26 Aug 2003 10:03:53 -0000      1.11
>@@ -508,6 +508,9 @@
>        next unless $text;
>        $message->{virusreports}{"$attachment"} .= $text;
>      }
>+    MailScanner::Log::InfoLog("Infected message %s came from %s",
>+                             $id, $message->{clientip})
>+        if MailScanner::Config::Value('logipaddrs');
>    }
>
>    # And then all the report types...
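Review bot: The added InfoLog call passes $message->{clientip} into the format string without checking that it is set, so a message with no recorded client address would log a line ending in "came from " with nothing after it, and any script that harvests these lines for blocking has to cope with that. Consider skipping the call, or logging a fixed marker, when the field is empty. The call also uses $id, which is not defined in the visible context; worth confirming it is in scope here and refers to the same message as $message.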
>--- ConfigDefs.pl       25 Jul 2003 10:09:00 -0000      1.13
>+++ ConfigDefs.pl       26 Aug 2003 10:03:53 -0000      1.14
>@@ -88,6 +88,7 @@
>  logfacility                    = syslogfacility
>  logformtags                    = loghtmlformtags
>  logobjecttags                  = logobjectcodebasetags
>+logipaddrs                     = loginfectedipaddresses
>  maxdirtybytes                  = maxunsafebytesperscan
>  maxdirtymessages               = maxunsafemessagesperscan
>  maxmessagesize                 = maximummessagesize
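Review bot: The new alias line "logipaddrs = loginfectedipaddresses" sits after logobjecttags, but the neighbouring entries appear to be in alphabetical order, which would place it between logformtags and logobjecttags. The internal name is also broader than the external one: the option only covers infected messages, so an internal name that says so would avoid confusion if other IP logging options are added later.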
>@@ -145,6 +146,7 @@
>  logspam                        1       no      0       yes     1
>  lognonspam             0       no      0       yes     1
>  logmessageids          0       no      0       yes     1
>+logipaddrs             0       no      0       yes     1
>  expandtnef             1       no      0       yes     1
>  showscanner            0       no      0       yes     1
>  spamassassinautowhitelist 1    no      0       yes     1
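Review bot: Missing documentation for the new yes/no row "logipaddrs", which defaults to 0 (off): the patch touches only SweepViruses.pm and ConfigDefs.pl, so the setting exists in MailScanner.conf only if the admin adds it by hand, as the covering note instructs. Suggest shipping a commented "Log Infected IP Addresses = no" entry in MailScanner.conf that states what gets logged and at which log level, so the option is discoverable and the default is explicit.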
>
>
>Tony.
>--
>f.a.n.finch  <dot at dotat.at>  http://dotat.at/
>LUNDY: EASTERLY VEERING SOUTHERLY 3 OR 4. FAIR. GOOD.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
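
The log post-processing discussed in this thread, as an added example that is not part of the original e-mails and is not code from mailstats or MailScanner: it counts the "Infected message ... came from ..." lines written by the patch and emits access-table entries for repeat senders. The syslog line layout, the threshold of 3, the never_block list and the sendmail-style "REJECT" entry format are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Text produced by the patch's InfoLog call: "Infected message %s came from %s"
INFECTED_RE = re.compile(r"Infected message (\S+) came from (\S+)")

# Constructed syslog lines; hostnames, queue ids and addresses are made up.
SAMPLE_LOG = """\
Sep  4 14:01:02 mx1 MailScanner[812]: Infected message h84D11a001 came from 192.0.2.10
Sep  4 14:01:09 mx1 MailScanner[812]: Infected message h84D11a002 came from 192.0.2.10
Sep  4 14:02:30 mx1 MailScanner[812]: Infected message h84D12b003 came from 198.51.100.7
Sep  4 14:02:31 mx1 cron[77]: unrelated line that must be ignored
Sep  4 14:03:44 mx1 MailScanner[812]: Infected message h84D13c004 came from 192.0.2.10
Sep  4 14:04:00 mx1 MailScanner[812]: Infected message h84D14d005 came from 127.0.0.1
Sep  4 14:04:05 mx1 MailScanner[812]: Infected message h84D14d006 came from 127.0.0.1
Sep  4 14:04:09 mx1 MailScanner[812]: Infected message h84D14d007 came from 127.0.0.1
Sep  4 14:05:12 mx1 MailScanner[812]: Infected message h84D15e008 came from 999.1.1.1
"""


def count_infected_senders(lines):
    """Count infected messages per syntactically valid client IP."""
    counts = Counter()
    for line in lines:
        match = INFECTED_RE.search(line)
        if not match:
            continue
        try:
            counts[str(ipaddress.ip_address(match.group(2)))] += 1
        except ValueError:
            continue  # malformed address: never turn it into a block rule
    return counts


def access_entries(counts, threshold=3, never_block=("127.0.0.0/8",)):
    """Return access-table lines for IPs at or above the threshold."""
    safe = [ipaddress.ip_network(net) for net in never_block]
    entries = []
    for ip, hits in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        addr = ipaddress.ip_address(ip)
        # Skip one-off senders and addresses in networks we must not block.
        if hits < threshold or any(addr in net for net in safe):
            continue
        entries.append(f"{ip}\tREJECT")
    return entries


if __name__ == "__main__":
    for entry in access_entries(count_infected_senders(SAMPLE_LOG.splitlines())):
        print(entry)
```

Put your own relays and internal networks in never_block before feeding the output to a live access table, since a forwarding host that passes on infected mail would otherwise be blocked along with the original senders.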



