[Mimedefang] Virus notifications
Joseph Brennan
brennan at columbia.edu
Tue Aug 26 14:35:01 EDT 2003
--On Tuesday, August 26, 2003 10:28 -0700 Kelson Vibber <kelson at speed.net>
wrote:
> At 06:38 AM 8/26/2003, Joseph Brennan wrote:
>> The major unsolved problem now are the allegedly helpful notices
>> telling our users various lies: that they sent the virus, that
>> our mail server sent a virus and needs better virus protection.
>
> If you're using SpamAssassin, there's some discussion going on over on
> the spamassassin-talk list. Rules have been suggested at
> http://www.exit0.us/index.php/VirusBounceRules , but some are way too
> general (like checking for "Undeliverable" in the subject). It's no
> magic bullet, but it's a starting point.
I've got this running and system load has not increased. (In fact
it seems to be a little lower now... as if we're sparing ourselves
that many Spamassassin runs.)
Joseph Brennan Columbia University in the City of New York
Academic Technologies Group brennan at columbia.edu
This is in filter_begin.
(We define $good for certain messages, and use it to exclude them from
certain tests-- mail from localhost, mail sent with smtp auth, mail
from a few campus hosts we trust.)
# Bad bounces based on believing From lines in virusmail.
unless ($good) {
if ($Sender eq "<>" || $Sender =~ /postmaster@/i) {
if (open(IN,"<./INPUTMSG")) {
my($count,$bad);
$count = 0;
while(<IN>) {
$count++;
$bad = "SobigF" if
(/boundary=\"_NextPart_000_........\"/);
$bad = "Declude" if (/Declude/i);
last if ($bad);
last if ($count > 100);
}
close(IN);
if ($bad) {
md_graphdefang_log('junk',"bad bounce $bad");
return action_discard;
}
}
}
}
More information about the MIMEDefang
mailing list