quarantine notify in CreatePostmasterNotice?

Julian Field MailScanner at ecs.soton.ac.uk
Sat Mar 12 14:04:57 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Easy.

In Message.pm around line 3782, add 1 line of code:

  my $reportword = MailScanner::Config::LanguageValue($this, "report");
  my $id   = $this->{id};
  my $from = $this->{from};
  #my $to   = join(', ', @{$this->{to}});
  my $subj = $this->{subject};
  my $rept = join("    $reportword: ", @everyrept);
  my $quarantine = join(", ", (grep /\//, @{$this->{archiveplaces}})); #
<<<<<<
  my $ip   = $this->{clientip};
  #print STDERR "Rept is\n$rept\n";

And then use $quarantine in the notice report, by adding 1 line around
line 3810:

  my $reportspaces = 10 - length($reportword);
  $reportword = ' ' x $reportspaces . $reportword if $reportspaces>0;
  $result = "\n" .
            "    Sender: $from\n" .
            "IP Address: $ip\n" .
            " Recipient: $to\n" .
            "   Subject: $subj\n" .
            " MessageID: $id\n" .
            "Quarantine: $quarantine\n" . # <<<<<<<<
            "$reportword: $rept\n";

Please let me know if it works okay. My main test server has died, and
needs 2Gb of RAM to get it back to life again. So I cannot easily test
stuff at the moment.

If it works, I will put it in the next release.

Jeff A. Earickson wrote:
      Julian,

      Would it be possible to modify CreatePostmasterNotice in
      Message.pm
      to add a note about whether or not a message was quarantined,
      eg:

          Sender: personalbanking at erms-02.wamu.com
      IP Address: 200.30.141.86
       Recipient: xxx at colby.edu
         Subject: Washington Mutual eCare(R) Customer
      Service.Security measures.
       MessageID: j2B50MI1013489
      Quarantine:
      /var/spool/MailScanner/quarantine/20050311/j2B50MI1013489
          Report: ClamAV Module: msg-14263-3.html was infected:
      HTML.Phishing.Bank-78

      If the virus isn't quarantined, just leave the line out, or
      say "no"
      instead of the path.  Thanks.

      Jeff Earickson
      Colby College

      ------------------------ MailScanner list
      ------------------------
      To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the MAQ
      (http://www.mailscanner.biz/maq/) and
      the archives
      (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the
      website!


 --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list