Automatically getting the IP of a Virus Sender? (Solved)

Alex Neuman alex at nkpanama.com
Thu Jun 17 04:34:35 IST 2004


The command using iptables (for Linux) would be "iptables -A INPUT -p tcp
--dport 25 -i eth0 -j REJECT -s $virusip", so it shouldn't be too difficult
to modify.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Karl M. Joch
Sent: Wednesday, June 16, 2004 1:43 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Automatically getting the IP of a Virus Sender? (Solved)

Thanks for the replies. Just for searching archives I post the script
which works like a charm now here. The script is to be placed in
CustomFunctions and has to be named BlockThem.pm. The firewall command is
easy to change. This one is for FreeBSD 4 and 5.

#
# MailScanner Custom Config to block IPs of identified Spammers
#             and Virus Senders via ipfw, or any other way.....
#
# 01.00 20040616 KMJ k.joch at ctseuro.com
#

package MailScanner::CustomConfig;

use strict 'vars';
use strict 'refs';
no  strict 'subs'; # Allow bare words for parameter %'s

use vars qw($VERSION);

$VERSION = substr q$Revision: 1.0.0.0 $, 10;

# To use this, configure the variables defined immediately below this
# comment and set
# Always Looked Up Last = &BlockThem
# in MailScanner.conf.
#
# AND ONLY DO IT WHEN FETCH.SH WORKS!!!! If not IPs will never be cleared!!
#

sub InitBlockThem {
   MailScanner::Log::InfoLog("Initialising BlockThem");
}

sub EndBlockThem {
   MailScanner::Log::InfoLog("Ending BlockThem");
}


sub BlockThem {
   # Parameters:
   my $BlockThemCommand="/sbin/ipfw";
   my $BlockThemReally="";

   my($message) = @_;

   return 1 unless $message;

   my $clientip   = $message->{clientip};
   return 1 unless $clientip;

   my $ishighspam = $message->{ishigh};
   my $isvirus    =  $message->{virusinfected};

   my $id = $message->{id};
   my $size = $message->{size};
   my $from = $message->{from};
   my @to   = @{$message->{to}};
   my $subject = $message->{subject};

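   if ($isvirus or $ishighspam) {
        # The address goes onto a shell command line below, so accept
        # only characters that can occur in an IP address.
        return 1 unless $clientip =~ /\A[0-9A-Fa-f.:]+\z/;

        # Blocked IPs will be reset with daily run by fetch.sh every
        # night!
        $BlockThemCommand.=" add 55 deny all from $clientip to any";

         # Log before actually doing it! Values are passed as arguments
         # rather than interpolated into the message string.
         MailScanner::Log::InfoLog("IP denied: %s Spam: %s Virus: %s ID: %s From: %s Sub: %s",
                                   $clientip, $ishighspam, $isvirus, $id, $from, $subject);

        my $NowBlockIt=`$BlockThemCommand`;

   }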

   return 1;

}

1;

--
Best regards,

Karl M. Joch
k.joch at ctseuro.com

HOTLINE: 0900 900 921

CTS Consulting & Trade Service
A-5020 Salzburg, Fuerstallergasse 36

http://www.ctseuro.com
Tel: +43-662-621559-0
Fax: +43-662-621559-22

Our services:
http://www.ctseuro.com - Network and security technology
http://www.eushop.net - ASP: simply rent an online shop and applications
http://www.freebsd.at - The power operating system
http://www.mydynip.org - Dynamic DNS service - now with IPv6 support

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
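
An added example, not part of the posted BlockThem.pm or of MailScanner: one way to build the ipfw and iptables block commands from both messages as argument lists, after checking the address format and an exempt list so that local or relay addresses are never auto-blocked. The exempt networks, the sample addresses and the helper names (ipv4_to_int, in_cidr, block_argv) are assumptions.

```perl
use strict;
use warnings;

# Assumed exempt networks: loopback, RFC 1918 ranges and a constructed
# address standing in for the site's own relay.
my @NEVER_BLOCK = ('127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12',
                   '192.168.0.0/16', '192.0.2.25/32');

# Strict dotted quad -> 32-bit integer, undef if malformed.
sub ipv4_to_int {
    my ($ip) = @_;
    return undef unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return undef if grep { $_ > 255 } $1, $2, $3, $4;
    return ($1 << 24) | ($2 << 16) | ($3 << 8) | $4;
}

# True when the integer address lies inside the given CIDR block.
sub in_cidr {
    my ($ipint, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipint & $mask) == (ipv4_to_int($net) & $mask);
}

# Return the firewall command as an argument list, or an empty list when
# the address is malformed or exempt. $fw is 'ipfw' or 'iptables'.
sub block_argv {
    my ($fw, $ip) = @_;
    my $n = ipv4_to_int($ip);
    return () unless defined $n;
    return () if grep { in_cidr($n, $_) } @NEVER_BLOCK;
    return ('/sbin/ipfw', qw(add 55 deny all from), $ip, qw(to any))
        if $fw eq 'ipfw';
    return ('iptables', qw(-A INPUT -p tcp --dport 25 -i eth0 -j REJECT -s), $ip)
        if $fw eq 'iptables';
    return ();
}

# Constructed sample addresses; the commands are printed, not executed.
for my $ip ('203.0.113.7', '192.168.1.20', '203.0.113.7 extra', '300.1.1.1') {
    for my $fw ('ipfw', 'iptables') {
        my @argv = block_argv($fw, $ip);
        print @argv ? "RUN:  @argv\n" : "SKIP: $fw for '$ip'\n";
    }
}
# Inside BlockThem the list would go to system(@argv), which runs the
# program directly with no shell involved.
```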
