MailScanner feature request

Julian Field mailscanner at ecs.soton.ac.uk
Thu Sep 4 15:45:36 IST 2003


Added.
I haven't add a new config option for it though, I'm just logging it
anyway. It didn't seem worth the overhead of doing a config variable check
for every report in every message.

At 15:03 04/09/2003, you wrote:
>Certainly does - I'm just testing out a new version of mailstats which
>makes use of this to add the sending IP address to teh access table.
>Once I'm happy I'll release it so that you can protect against teh
>Sobig.F onslaught!
>
>I think the initial release will simply use the same system as spam
>emails although in future release I will add separate configuration so
>that the message in the access file is different for viruses as well as
>allowing different times for the IP to stay blocked.
>-----------------------------------------------------------------
>David While
>Technical Development Manager
>Faculty of Computing, Information & English
>University of Central England
>Tel: 0121 331 6211
>-----------------------------------------------------------------
>
>
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: 04 September 2003 14:41
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: MailScanner feature request
>
>
>If that does just what you are looking for, I'll add it into the main
>code.
>
>At 13:25 04/09/2003, you wrote:
> >"Rose, Bobby" <brose at MED.WAYNE.EDU> wrote:
> > >Is it possible to have MailScanner note the Sender IP in the logs for
>a
> > >message that it finds a virus on.  That'll make it easier to pull out
> > >the people that are pounding the heck out of MailScanner so that the
>can
> > >just just be blocked entirely.
> >
> >Try this patch which I posted recently, and add to MailScanner.conf
> >         Log Infected IP Addresses = yes
> >
> >--- SweepViruses.pm     4 Jul 2003 19:13:31 -0000       1.10
> >+++ SweepViruses.pm     26 Aug 2003 10:03:53 -0000      1.11
> >@@ -508,6 +508,9 @@
> >        next unless $text;
> >        $message->{virusreports}{"$attachment"} .= $text;
> >      }
> >+    MailScanner::Log::InfoLog("Infected message %s came from %s",
> >+                             $id, $message->{clientip})
> >+        if MailScanner::Config::Value('logipaddrs');
> >    }
> >
> >    # And then all the report types...
> >--- ConfigDefs.pl       25 Jul 2003 10:09:00 -0000      1.13
> >+++ ConfigDefs.pl       26 Aug 2003 10:03:53 -0000      1.14
> >@@ -88,6 +88,7 @@
> >  logfacility                    = syslogfacility
> >  logformtags                    = loghtmlformtags
> >  logobjecttags                  = logobjectcodebasetags
> >+logipaddrs                     = loginfectedipaddresses
> >  maxdirtybytes                  = maxunsafebytesperscan
> >  maxdirtymessages               = maxunsafemessagesperscan
> >  maxmessagesize                 = maximummessagesize
> >@@ -145,6 +146,7 @@
> >  logspam                        1       no      0       yes     1
> >  lognonspam             0       no      0       yes     1
> >  logmessageids          0       no      0       yes     1
> >+logipaddrs             0       no      0       yes     1
> >  expandtnef             1       no      0       yes     1
> >  showscanner            0       no      0       yes     1
> >  spamassassinautowhitelist 1    no      0       yes     1
> >
> >
> >Tony.
> >--
> >f.a.n.finch  <dot at dotat.at>  http://dotat.at/
> >LUNDY: EASTERLY VEERING SOUTHERLY 3 OR 4. FAIR. GOOD.
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list