MailScanner feature request
Julian Field
mailscanner at ecs.soton.ac.uk
Thu Sep 4 15:45:36 IST 2003
Added.
I haven't add a new config option for it though, I'm just logging it
anyway. It didn't seem worth the overhead of doing a config variable check
for every report in every message.
At 15:03 04/09/2003, you wrote:
>Certainly does - I'm just testing out a new version of mailstats which
>makes use of this to add the sending IP address to teh access table.
>Once I'm happy I'll release it so that you can protect against teh
>Sobig.F onslaught!
>
>I think the initial release will simply use the same system as spam
>emails although in future release I will add separate configuration so
>that the message in the access file is different for viruses as well as
>allowing different times for the IP to stay blocked.
>-----------------------------------------------------------------
>David While
>Technical Development Manager
>Faculty of Computing, Information & English
>University of Central England
>Tel: 0121 331 6211
>-----------------------------------------------------------------
>
>
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: 04 September 2003 14:41
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: MailScanner feature request
>
>
>If that does just what you are looking for, I'll add it into the main
>code.
>
>At 13:25 04/09/2003, you wrote:
> >"Rose, Bobby" <brose at MED.WAYNE.EDU> wrote:
> > >Is it possible to have MailScanner note the Sender IP in the logs for
>a
> > >message that it finds a virus on. That'll make it easier to pull out
> > >the people that are pounding the heck out of MailScanner so that the
>can
> > >just just be blocked entirely.
> >
> >Try this patch which I posted recently, and add to MailScanner.conf
> > Log Infected IP Addresses = yes
> >
> >--- SweepViruses.pm 4 Jul 2003 19:13:31 -0000 1.10
> >+++ SweepViruses.pm 26 Aug 2003 10:03:53 -0000 1.11
> >@@ -508,6 +508,9 @@
> > next unless $text;
> > $message->{virusreports}{"$attachment"} .= $text;
> > }
> >+ MailScanner::Log::InfoLog("Infected message %s came from %s",
> >+ $id, $message->{clientip})
> >+ if MailScanner::Config::Value('logipaddrs');
> > }
> >
> > # And then all the report types...
> >--- ConfigDefs.pl 25 Jul 2003 10:09:00 -0000 1.13
> >+++ ConfigDefs.pl 26 Aug 2003 10:03:53 -0000 1.14
> >@@ -88,6 +88,7 @@
> > logfacility = syslogfacility
> > logformtags = loghtmlformtags
> > logobjecttags = logobjectcodebasetags
> >+logipaddrs = loginfectedipaddresses
> > maxdirtybytes = maxunsafebytesperscan
> > maxdirtymessages = maxunsafemessagesperscan
> > maxmessagesize = maximummessagesize
> >@@ -145,6 +146,7 @@
> > logspam 1 no 0 yes 1
> > lognonspam 0 no 0 yes 1
> > logmessageids 0 no 0 yes 1
> >+logipaddrs 0 no 0 yes 1
> > expandtnef 1 no 0 yes 1
> > showscanner 0 no 0 yes 1
> > spamassassinautowhitelist 1 no 0 yes 1
> >
> >
> >Tony.
> >--
> >f.a.n.finch <dot at dotat.at> http://dotat.at/
> >LUNDY: EASTERLY VEERING SOUTHERLY 3 OR 4. FAIR. GOOD.
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list