Am 05.12.2013 09:18 schrieb Ralf Kirmis via amavis-users: > has anyone creative ideas on how to evaluate those hash values?
I could imagine an extension to amavis to lookup the hash in external databases like a dnsbl. Could be implemented as virusscanner for example. The implementation should be able to include/exclude specific mime-types, extensions, sender, receiver, or whatever amavis already can do. Unfortunately I can't implement this :-( Andreas > -----Ursprüngliche Nachricht----- > Von: amavis-users [mailto:[email protected]] Im > Auftrag von Andreas Schulze via amavis-users > Gesendet: Dienstag, 5. November 2013 13:44 > An: [email protected] > Betreff: logging attachement hashes > > I wrote a patch to enable amavisd logging a hash of each mimepart of a > message. > As a result we have a nice logging about attachment with randomized names: > Nov 5 13:24:34 amavis amavis[63605]: (63605) p003 1/2 Content-Type: > application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: > VodafoneWillkommen_915348761926.zip > Nov 5 13:24:47 amavis amavis[64401]: (64401) p003 1/2 Content-Type: > application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: > VodafoneWillkommen_246684491810.zip > Nov 5 13:24:49 amavis amavis[37512]: (37512) p003 1/2 Content-Type: > application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: > VodafoneWillkommen_385492343722.zip > Nov 5 13:25:11 amavis amavis[23929]: (23929) p003 1/2 Content-Type: > application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: > VodafoneWillkommen_410730648345.zip > Nov 5 13:25:28 amavis amavis[23927]: (23927) p003 1/2 Content-Type: > application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: > VodafoneWillkommen_067966022207.zip > Nov 5 13:25:35 amavis amavis[23931]: (23931) p003 1/2 Content-Type: > application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: > VodafoneWillkommen_886327295193.zip > Nov 5 13:25:49 amavis amavis[23923]: (23923) p003 1/2 Content-Type: > application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: > VodafoneWillkommen_079214708084.zip > Nov 5 13:25:58 amavis amavis[23936]: (23936) p003 1/2 Content-Type: > application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: > VodafoneWillkommen_381806514856.zip > > Looking at these logs it's very easy to identify malicius content still not > detected by virusscanners. -- Andreas Schulze Internetdienste | P252 DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Dipl.-Kfm. Dr. Robert Mayr Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen
