Feature: Block Persistent Virus Senders?

Jon Carnes jonc at nc.rr.com
Sat Feb 21 02:48:06 GMT 2004

On Fri, 2004-02-20 at 11:15, Nathan Johanson wrote:
> > >I was told that MailScanner supports the blocking of persistent virus
> > >senders. I've sifted through the documentation and the changelog, but
> > >can't seem to find any reference to this. Can someone tell me which
> > >version this was introduced in and where I may find the corresponding
> > >options or functions. Is it a custom function?
> >
> > I haven't heard of this option (which is _not_ an indication that
> > it does not exist.) but this seems like it may be something
> > better handled by the MTA.  Reject by IP in whatever your equivalent
> > of an access table is.  That way you're not wasting any cycles
> > on something you're going to reject anyway.  (Reject early and
> > often, something the girls I was interested in always did. :)
> >
> Looks like it might be the IPBlock custom function, which allows you to
> throttle the number of messages received from a given sender within an
> hour. However, the description says that this pertains to all types of
> senders (spam, virus, annoyances, and even mail from Mom). I'll hold out
> and see if anyone else can clarify.
>
> Vispan's author (formerly mailstats) used to automatically add
> persistent virus senders to the access.db as part of the stats
> collection cron job. He told me he didn't include this feature in the
> latest build because Julian had included the same functionality in
> MailScanner.

There are various scripts for blocking (at the firewall) any IP that
connects directly with a virus - The script basically pulls the virus
information out of the logs (and is only queued to specific viruses that
come directly from an infected computer).  It then builds a list of IPs
that are blocked from having SMTP access to your mailserver.

I think it was originally written for OpenBSD, but I recently saw one
for Linux as well.  You'll have to google for the actual script.

Not much help, but you can find a copy in the archives of Trilug from
two weeks ago: http://www.trilug.org/pipermail/trilug

Jon Carnes
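
The log-to-blocklist approach described in the message above, as an added example (not the script the post refers to, and not code from MailScanner or Vispan). The log layout, virus names, function names and the hit threshold are assumptions made for illustration; the output uses sendmail-style access-table entries.

```python
import ipaddress
import re
from collections import Counter

# Assumed, simplified log layout (constructed; not MailScanner's real format):
#   <timestamp> virus=<name> relay=<connecting IP>
LINE_RE = re.compile(r"virus=(?P<virus>\S+)\s+relay=(?P<ip>\S+)")

def build_blocklist(log_lines, direct_senders, min_hits=3, never_block=()):
    """IPs that delivered at least min_hits infections of a virus listed in
    direct_senders, i.e. one that mails straight from the infected host."""
    exempt = [ipaddress.ip_network(n) for n in never_block]
    hits = Counter()
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m or m.group("virus") not in direct_senders:
            continue  # unparsed line, or a virus that arrives through innocent relays
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address: never pass it on to a block list
        if any(ip in net for net in exempt):
            continue  # own relays and trusted hosts are never blocked
        hits[ip] += 1
    persistent = [ip for ip, n in hits.items() if n >= min_hits]
    return [str(ip) for ip in sorted(persistent, key=lambda a: (a.version, int(a)))]

def access_lines(ips):
    """Render sendmail-style access-table entries for the given IPs."""
    return [f"{ip}\tREJECT" for ip in ips]

# Constructed sample log; addresses are documentation ranges, names are made up.
SAMPLE_LOG = (
    ["2004-02-20T11:00 virus=Worm.ExampleA relay=203.0.113.7"] * 3    # persistent
    + ["2004-02-20T11:05 virus=Worm.ExampleA relay=198.51.100.9"] * 2  # below threshold
    + ["2004-02-20T11:10 virus=Virus.Relayed relay=198.51.100.20"] * 4  # not a direct sender
    + ["2004-02-20T11:15 virus=Worm.ExampleA relay=192.0.2.25"] * 5   # our own relay
    + ["2004-02-20T11:20 virus=Worm.ExampleA relay=unknown"] * 3      # unparsable address
)

if __name__ == "__main__":
    blocked = build_blocklist(SAMPLE_LOG, {"Worm.ExampleA"}, min_hits=3,
                              never_block=["192.0.2.0/24"])
    print("\n".join(access_lines(blocked)))
```

The exemption list and the restriction to direct-sending viruses are what keep a legitimate relay that merely forwarded an infected message from ending up on the block list.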

