MailScanner feature request

Richard Bollinger rabollinger at COMCAST.NET
Thu Sep 4 15:50:54 IST 2003 

Ideally, the same line would include a list of the sins committed by that email, similar to the nice
summary you get from Spam Assassin with "Log Spam = yes".  In fact, it'd be nice to mimic that
format as well.  Something along the lines of:

Message h84ETLA12220  from 205.169.164.67 (a at b.com) to c.com is infected, McAfee (W32/Sobig.f at MM)

Given that, I'd happily elimenate all of the other messages logged regarding the virus scanning
process except while debugging.

----- Original Message -----
From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, September 04, 2003 9:40 AM
Subject: Re: MailScanner feature request


> If that does just what you are looking for, I'll add it into the main code.
>
> At 13:25 04/09/2003, you wrote:
> >"Rose, Bobby" <brose at MED.WAYNE.EDU> wrote:
> > >Is it possible to have MailScanner note the Sender IP in the logs for a
> > >message that it finds a virus on.  That'll make it easier to pull out
> > >the people that are pounding the heck out of MailScanner so that the can
> > >just just be blocked entirely.
> >
> >Try this patch which I posted recently, and add to MailScanner.conf
> >         Log Infected IP Addresses = yes
> >
> >--- SweepViruses.pm     4 Jul 2003 19:13:31 -0000       1.10
> >+++ SweepViruses.pm     26 Aug 2003 10:03:53 -0000      1.11
> >@@ -508,6 +508,9 @@
> >        next unless $text;
> >        $message->{virusreports}{"$attachment"} .= $text;
> >      }
> >+    MailScanner::Log::InfoLog("Infected message %s came from %s",
> >+                             $id, $message->{clientip})
> >+        if MailScanner::Config::Value('logipaddrs');
> >    }
> >
> >    # And then all the report types...
> >--- ConfigDefs.pl       25 Jul 2003 10:09:00 -0000      1.13
> >+++ ConfigDefs.pl       26 Aug 2003 10:03:53 -0000      1.14
> >@@ -88,6 +88,7 @@
> >  logfacility                    = syslogfacility
> >  logformtags                    = loghtmlformtags
> >  logobjecttags                  = logobjectcodebasetags
> >+logipaddrs                     = loginfectedipaddresses
> >  maxdirtybytes                  = maxunsafebytesperscan
> >  maxdirtymessages               = maxunsafemessagesperscan
> >  maxmessagesize                 = maximummessagesize
> >@@ -145,6 +146,7 @@
> >  logspam                        1       no      0       yes     1
> >  lognonspam             0       no      0       yes     1
> >  logmessageids          0       no      0       yes     1
> >+logipaddrs             0       no      0       yes     1
> >  expandtnef             1       no      0       yes     1
> >  showscanner            0       no      0       yes     1
> >  spamassassinautowhitelist 1    no      0       yes     1
> >
> >
> >Tony.
> >--
> >f.a.n.finch  <dot at dotat.at>  http://dotat.at/
> >LUNDY: EASTERLY VEERING SOUTHERLY 3 OR 4. FAIR. GOOD.
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list