At 21:37 01/10/01 -0400, you wrote:
>I just got a sircam virus sent to my linux box. I guess it is time to set up
>a mail filter. I came across the following. Looks easy enough: Works off
>procmail.
>The SpamBouncer

*** I'm not sure spambouncer is what you need in your case. Try and have a look at procmail sanitizer, which does a bit of spam bouncing but especially sanitizing of mail messages (checking the attachments for virus messages). It's a set of procmail rules - so you could add spambouncer later on if you need to.

It consists of several files, each with its particular function. The whole setup is initiated by your /etc/procmailrc file. You can make the config as complicated as you wish. Once set up, you don't touch the main files; your own local rules or new procmail sanitizing rules go in "local-rules.procmail".

Once a suspicious file has been detected it will go to a mailbox assigned by you as the quarantine, renamed to whatever.doc.txt. The sanitizer will automatically mail a preformed message (found in security-policy.txt) to the sender and/or its ISP.

The setup will take you anything between 2 hours and half a day depending on your motivation. It took me half a day because 1/ I WAS motivated ;-) and 2/ it works so well you want to make it the most perfect filtering setup in the world ;-)))...

The URL is http://www.impsec.org/email-tools/ for the download directory. The main page is "under renovation" (?) for the last 6 months and one of the pages says the filters haven't been updated for the last 2 years (!)... This might sound like a bad thing, and it probably is for the average user, but it's really not a problem. In fact the sanitizer gives you a nice basis to start with, and with all the procmail resources available on the Net you'll be able to put together something that fits your needs.

I've been running the sanitizer for the last 7 months on my mail server and I can confirm it works very well. While McAfee and others were trying to figure out what was happening I already got several viruses isolated in my quarantine mailbox.

Mail me if you need more info...

Zoran.
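
The rename-and-quarantine step described in the message above, as an added Python example that is not part of the original message and is not the sanitizer's own code (the sanitizer is a set of procmail rules). The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Assumption: a short illustrative deny-list, not the sanitizer's own.
RISKY_EXTENSIONS = (".bat", ".com", ".exe", ".lnk", ".pif", ".scr", ".vbs")


def defang_attachments(msg):
    """Rename risky attachments in place; return their original names.

    A non-empty result means the message belongs in the quarantine mailbox.
    """
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before
        # testing; only the final extension decides how the file is opened,
        # which is why "budget.doc.pif" is treated as a .pif, not a .doc.
        if not name.lower().rstrip(". ").endswith(RISKY_EXTENSIONS):
            continue
        flagged.append(name)
        safe = name.rstrip(". ") + ".txt"
        disposition = part.get_content_disposition() or "attachment"
        del part["Content-Disposition"]
        part.add_header("Content-Disposition", disposition, filename=safe)
        if part.get_param("name") is not None:
            # Some mail clients read the name from Content-Type instead.
            part.set_param("name", safe, replace=True)
    return flagged


def build_sample():
    """Constructed message: one harmless and one double-extension file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See the attached files.")
    msg.add_attachment(b"\xff\xd8\xff", maintype="image", subtype="jpeg",
                       filename="holiday.jpg")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="budget.doc.pif")
    return msg


if __name__ == "__main__":
    message = build_sample()
    print("quarantine:", defang_attachments(message))
    print([p.get_filename() for p in message.iter_attachments()])
```

Appending `.txt` changes the final extension, so a mail client that picks the handler from the file name opens the quarantined copy as text instead of executing it.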