Automatically getting the IP of a Virus Sender? (Solved)

Karl M. Joch k.joch at KMJEURO.COM
Wed Jun 16 07:42:30 IST 2004

Thanks for the replies. Just for searching archives I post the script
which works like a charm now here. The script is to be placed in
CustomFunctions and has to be named The firewall command is
easy to change. This one is for FreeBSD 4 and 5.

# MailScanner Custom Config to block IPs of identified Spammers
#             and Virus Senders via ipfw, or any other way.....
# 01.00 20040616 KMJ k.joch at

package MailScanner::CustomConfig;

use strict 'vars';
use strict 'refs';
no  strict 'subs'; # Allow bare words for parameter %'s

use vars qw($VERSION);

$VERSION = substr q$Revision: $, 10;

# To use this, configure the variables defined immediately below this
# comment and set
# Always Looked Up Last = &BlockThem
# in MailScanner.conf.
# AND ONLY DO IT WHEN FETCH.SH WORKS!!!! If not IPs will never be cleared!!

sub InitBlockThem {
   MailScanner::Log::InfoLog("Initialising BlockThem");
}

sub EndBlockThem {
   MailScanner::Log::InfoLog("Ending BlockThem");
}

sub BlockThem {
   # Parameters:
   my $BlockThemCommand="/sbin/ipfw";
   my $BlockThemReally="";

   my($message) = @_;

   return 1 unless $message;

   # IP address of the host that delivered the message
   my $clientip   = $message->{clientip};
   return 1 unless $clientip;

   my $ishighspam = $message->{ishigh};
   my $isvirus    = $message->{virusinfected};

   my $id = $message->{id};
   my $size = $message->{size};
   my $from = $message->{from};
   my @to   = @{$message->{to}};
   my $subject = $message->{subject};

   if ($isvirus or $ishighspam) {
      # Blocked IPs will be reset with daily run by every
      # night!
      $BlockThemCommand.=" add 55 deny all from $clientip to any";

      # Log before actually doing it!
      MailScanner::Log::InfoLog("IP denied: $clientip Spam: $ishighspam Virus: $isvirus ID: $id From: $from Sub: $subject");

      # Run the firewall command (the string is passed through the shell)
      my $NowBlockIt=`$BlockThemCommand`;
   }

   return 1;
}

1;


Best regards / Mit freundlichen Gruessen,

Karl M. Joch
k.joch at

HOTLINE: 0900 900 921

CTS Consulting & Trade Service
A-5020 Salzburg, Fuerstallergasse 36
Tel: +43-662-621559-0
Fax: +43-662-621559-22

Our services: - Networking and security technology - ASP: simply rent online shops and applications - The power operating system - Dynamic DNS service - now with IPv6 support
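
A hardened form of the block step in the script above, as an added example that is not part of the original post: it accepts only a strict IPv4 address, refuses anything inside a never-block list, and builds an argument list for list-form system() so no shell ever parses the address. The helper names and the never-block networks are assumptions; the ipfw rule is the one from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: networks that must never be firewalled (own relays, internal hosts).
my @NEVER_BLOCK = ('127.0.0.0/8', '10.0.0.0/8', '192.168.0.0/16');

# Dotted quad -> 32-bit integer; undef unless it is a strict IPv4 address.
sub ipv4_to_int {
    my ($ip) = @_;
    return undef unless defined $ip
        && $ip =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/;
    my @o = ($1, $2, $3, $4);
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True if the integer address lies inside the given CIDR network.
sub in_cidr {
    my ($ip_int, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $net_int = ipv4_to_int($net);
    return 0 unless defined $net_int;
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return ($ip_int & $mask) == ($net_int & $mask);
}

# Argument list for ipfw, or an empty list if the address must not be blocked.
sub block_args {
    my ($clientip) = @_;
    my $ip_int = ipv4_to_int($clientip);
    return () unless defined $ip_int;                         # not an IPv4 address
    return () if grep { in_cidr($ip_int, $_) } @NEVER_BLOCK;  # protected network
    return ('/sbin/ipfw', 'add', '55', 'deny', 'all', 'from', $clientip, 'to', 'any');
}

# Constructed sample inputs (documentation range, protected hosts, malformed values).
for my $ip ('203.0.113.45', '127.0.0.1', '10.1.2.3',
            '203.0.113.45; echo injected', '999.1.1.1') {
    my @cmd = block_args($ip);
    if (@cmd) {
        print "would run: @cmd\n";
        # In the custom function: system(@cmd) == 0 or log the failure.
        # The list form of system() runs ipfw directly, without a shell.
    } else {
        print "refused: $ip\n";
    }
}
```

Only the first sample address produces a rule; the loopback, internal and malformed values are refused before any command is built.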
