[NTLUG:Discuss] Solution to virus scanning Mandrake 9.0
Paul Ingendorf
pauldy at wantek.net
Tue Jan 21 23:33:54 CST 2003
Quoting "Rev. wRy" <slot0k at pogox.org>:
> Um, procmail? My /etc/procmailrc looks like this:
>
> SHELL=/bin/sh
> MAILDIR=/var/spool/mail
> LOGFILE=/var/log/procmail.log
>
> :0 B
> * ^Content-Type: (application|audio)
> *
> ^.*name=.*\.(vb[esx]|jse?|ws[hf]|c[ho]m|bat|cmd|shb|hta|exe|lnk|pif|scr|shs)
> /dev/null
>
> :0
> * ^(X-Spanska|From.*hahaha)
> {
> LOG="VIRUS "
> :0
> /dev/null
> }
>
> :0 B
> * > 100000
> * mDmcOaA5pDmoOaw5sDnAOeA56DnsOfA59Dn4Ofw5ADoEOgg6HDo8OkQ6SD
> {
> LOG="SirCam "
> :0
> /dev/null
> }
>
>
> While I'm probably very very lucky, this seems to catch most of the
> e-mail variety virii. What it doesn't get, the AV on the ms$ does.
> It's just nice to catch it before it gets that far. :)
>
> Just my .02,
>
> Ry
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>
I had to look up what that does and it doesn't seem to do much except drop all
those incomming mails based on file types or signature matching. What about
zip files or asp etc... I really would like to continue scanning files at the
mail server as they arrive. In addition I'm using sendmail because I'm more
comfortable configuring it and having it do what I need it to with this small
exception.
More information about the Discuss
mailing list