hello,
no, it's not neccessary to unzip the files...
I just sent a zipped mail to my filter including two viruses to confirm it:
AntiVir hat den Virus 'Worm/Klez.E' entdeckt!
AntiVir hat den Virus 'Eicar-Test-Signatur' entdeckt!
it worked... even if I base64-encode my message, the virus
is detected automatically.
Mit freundlichem Gru�
Henrik Steffen
Gesch�ftsf�hrer
top concepts Internetmarketing GmbH
Am Steinkamp 7 - D-21684 Stade - Germany
--------------------------------------------------------
http://www.topconcepts.com Tel. +49 4141 991230
mail: [EMAIL PROTECTED] Fax. +49 4141 991233
--------------------------------------------------------
24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
--------------------------------------------------------
System-Partner gesucht: http://www.franchise.city-map.de
--------------------------------------------------------
Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
--------------------------------------------------------
----- Original Message -----
From: "QCI Internet" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 02, 2002 3:46 PM
Subject: [xmail] Re: Using SpamCop
>
> This looks good. But I was under the ipression that emais had to be
> unencoded and sometimes unzip/tarred/gzipped/etc. before scanning them.
> Maybe not true. Are you finding that virus scanners will detect viruses in
> just about any emails? If so, this would be easy to setup with a quick
> procmail script on linux.
>
> ----
> Jeff Jarchow
> QCI Internet
> http://www.qcinet.net/
>
>
> ----- Original Message -----
> From: "Henrik Steffen" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, August 02, 2002 9:02 AM
> Subject: [xmail] Re: Using SpamCop
>
>
> >
> >
> > Hi,
> >
> > I'll post it to the list, because virus-checking has often been an issue
> > here before...
> >
> > find below my /var/MailRoot/avfilter/filter.pl with German and English
> > Virus-reports for the sender and the addressee. First, every mail is
> > filtered by Antivir ... if antivir says, there's no virus, the mail
> > will be filtered by Trendmicro's viruswall, too.
> >
> > --snip--
> > #!/usr/bin/perl
> >
> > use strict;
> >
> > my $fileName = $ARGV[0];
> > my $dirName = "$fileName.scan/";
> > my $sender = $ARGV[1];
> > my $rcpt = $ARGV[2];
> >
> > mkdir($dirName, 0777);
> > system("/var/MailRoot/avfilter/ripmime -d $dirName -i $fileName");
> >
> > my $retCode = system("/usr/bin/antivir -z -s $dirName/* >
> $fileName".".report");
> >
> > $retCode /= 256;
> >
> > my @report;
> >
> > if ($retCode != 0) {
> >
> > open(IN, "$fileName".".report");
> > @report = <IN>;
> > close(IN);
> >
> > system('rm', "$fileName".".report");
> >
> > } else {
> > $retCode = system("/etc/iscan/vscan $dirName/* > $fileName".".report");
> > $retCode /= 256;
> >
> > if ($retCode != 0) {
> > open(IN, "$fileName".".report");
> > @report = <IN>;
> > close(IN);
> > system('rm', "$fileName".".report");
> > }
> > }
> >
> > system('rm', '-r', $dirName);
> >
> > if ($retCode!=0) {
> >
> > my $postmaster = '[EMAIL PROTECTED]';
> >
> > open(MAIL, "|/usr/lib/sendmail -t");
> > print MAIL<<END;
> > To: $sender
> > From: $postmaster
> > Subject: Vorsicht, Virus!
> >
> > Hallo, (see English text below)
> >
> > Ihre Nachricht an $rcpt wurde abgelehnt!
> >
> > Unser Viren-Scanner hat einen VIRUS in Ihrer eMail entdeckt.
> > Ihre eMail wurde gestoppt. Der Empf�nger wurde benachrichtigt.
> >
> > Bitte �berpr�fen Sie Ihr System, und senden Sie die Nachricht
> > erneut. Vielen Dank!
> >
> > END
> > open(MAIL2, "|/usr/lib/sendmail -t");
> > print MAIL2<<END;
> > To: $rcpt
> > From: $postmaster
> > Subject: Virus abgefangen!
> >
> > Hallo, (see English text below)
> >
> > eine Nachricht an $rcpt wurde abgelehnt!
> >
> > Der Absender mit der Adresse $sender hat
> > versucht Ihnen einen Virus zu schicken. Dieser wurde von unserem
> > System f�r Sie abgefangen und unsch�dlich gemacht.
> >
> > END
> >
> > for my $i(0..$#report) {
> > if ($report[$i]=~/VIRUS\: file contains code of the virus \'(.+)\'/) {
> > print MAIL "AntiVir hat den Virus '$1' entdeckt!\n";
> > print MAIL2 "AntiVir hat den Virus '$1' entdeckt!\n";
> > } elsif ($report[$i]=~/\*\*\* Found virus (.+) in/) {
> > print MAIL "Die Trendmicro Viruswall hat den Virus '$1' entdeckt!\n";
> > print MAIL2 "Die Trendmicro Viruswall hat den Virus '$1' entdeckt!\n";
> > }
> > }
> >
> > print MAIL<<END;
> >
> > Wir leisten Antivirus-Hilfe unter: Tel. +49 1908 34697
> > (Technische Hotline von top concepts f�r EUR 1.86 pro Minute)
> >
> > Um Sie zuk�nftig vor Virusbefall in dieser Art zu sch�tzen,
> > k�nnen wir Ihnen eine gesicherte Mailbox auf unserem Server
> > anbieten. Dadurch werden eingehende eMails f�r Sie auf Viren
> > gefiltert, BEVOR diese �berhaupt Ihren Rechner erreichen.
> >
> > Dabei kommen zwei professionelle Antivirus-Programme f�r Sie
> > gleichzeitig zum Einsatz: AntiVir und die Trendmicro Viruswall.
> >
> > Sollte dies f�r Sie interessant sein, so wenden Sie sich bitte
> > an Ihren city-map Partner vor Ort (siehe http://www.city-map.ag)
> > oder an top concepts in Stade, http://www.topconcepts.de
> >
> > Dem Thema Sicherheit haben wir eine eigene Webseite gewidmet,
> > die Sie unter http://www.sicherinsnetz.de aufrufen k�nnen.
> > END
> >
> > print MAIL2<<END;
> >
> > --
> >
> > Hello,
> >
> > a message to $rcpt was rejected!
> >
> > The sender with the address $sender has
> > tried to send you a virus. The virus was detected by our system
> > and has been destroyed before your system could be infected.
> >
> > END
> > print MAIL<<END;
> >
> > --
> >
> > Hello,
> >
> > Your message to $rcpt was rejected!
> >
> > Our eMail-server has detected a VIRUS in your eMail!
> > Your eMail has been stopped. The addressee has been notified.
> >
> > Please check your system for viruses and try to send your
> > message again. Thank you!
> >
> > END
> > for my $i(0..$#report) {
> > if ($report[$i]=~/VIRUS\: file contains code of the virus \'(.+)\'/) {
> > print MAIL "AntiVir found code of the virus '$1'!\n";
> > print MAIL2 "AntiVir found code of the virus '$1'!\n";
> > } elsif ($report[$i]=~/\*\*\* Found virus (.+) in/) {
> > print MAIL "The Trendmicro Viruswall found code of the virus: '$1'!\n";
> > print MAIL2 "The Trendmicro Viruswall found code of the virus: '$1'!\n";
> > }
> > }
> >
> > my $signatur=<<END;
> >
> > --
> >
> > Mit freundlichem Gru� / Kind regards
> >
> > Virus-protected eMail-server at mail.city-map.de
> >
> > top concepts Internetmarketing GmbH
> > Am Steinkamp 7 - D-21684 Stade - Germany
> > --------------------------------------------------------
> > http://www.topconcepts.com Tel. +49 4141 991230
> > mail: info\@topconcepts.com Fax. +49 4141 991233
> > --------------------------------------------------------
> > Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
> > --------------------------------------------------------
> > 24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
> > --------------------------------------------------------
> > END
> > print MAIL $signatur;
> > print MAIL2 $signatur;
> > close(MAIL);
> > close(MAIL2);
> >
> > exit 97;
> > }
> >
> > system('rm', "$fileName".".report");
> >
> > exit 0;
> > --snip--
> >
> >
> > This is how to setup a [EMAIL PROTECTED] file:
> >
> > "/var/MailRoot/avfilter/filter.pl" "@@FILE" "@@FROM" "@@RCPT"
> >
> >
> >
> > have a nice day
> >
> > Kind regards
> >
> > Henrik Steffen
> > Gesch�ftsf�hrer
> >
> > top concepts Internetmarketing GmbH
> > Am Steinkamp 7 - D-21684 Stade - Germany
> > --------------------------------------------------------
> > http://www.topconcepts.com Tel. +49 4141 991230
> > mail: [EMAIL PROTECTED] Fax. +49 4141 991233
> > --------------------------------------------------------
> > 24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
> > --------------------------------------------------------
> > System-Partner gesucht: http://www.franchise.city-map.de
> > --------------------------------------------------------
> > Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
> > --------------------------------------------------------
> >
> > ----- Original Message -----
> > From: "Jeff" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, August 02, 2002 2:41 PM
> > Subject: [xmail] Re: Using SpamCop
> >
> >
> > >
> > > Can you provide more info (off this list [EMAIL PROTECTED], as this
> > > list is probably more for xmail stuff ). I have tried implementing
> > > amavis but that has used up about 2 weeks of my time and I still
> > > haven't gotten it implemented correctly.
> > >
> > >
> > > --
> > > Jeff Jarchow
> > > QCI Internet
> > > http://www.qcinet.net/
> > >
> > >
> > > >
> > > > why not use an antivirus tool for linux with xmail?
> > > >
> > > > we are using both trendmicro viruswall and h+b edv's antivir
> > > (www.antivir.de)
> > > > in a cascading virus-check perl-script which works excellent.
> > > >
> > > >
> > > > Mit freundlichem Gru�
> > > >
> > > > Henrik Steffen
> > > > Gesch�ftsf�hrer
> > > >
> > > > top concepts Internetmarketing GmbH
> > > > Am Steinkamp 7 - D-21684 Stade - Germany
> > > > --------------------------------------------------------
> > > > http://www.topconcepts.com Tel. +49 4141 991230
> > > > mail: [EMAIL PROTECTED] Fax. +49 4141 991233
> > > > --------------------------------------------------------
> > > > 24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
> > > > --------------------------------------------------------
> > > > System-Partner gesucht: http://www.franchise.city-map.de
> > > > --------------------------------------------------------
> > > > Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
> > > > --------------------------------------------------------
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeff" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Friday, August 02, 2002 2:31 PM
> > > > Subject: [xmail] Re: Using SpamCop
> > > >
> > > >
> > > > >
> > > > > I just have to get in on this discussion. As I agree and disagree
> > > with
> > > > > some comments from others.
> > > > >
> > > > > I run an internet service with about 1000 users. I have my email
> > > > > posted all over my web site so that my customers, and potential new
> > > > > business can reach me. I have to be VERY careful on who I blacklist
> > > > > for spam. I can just start putting in ip ranges or domains names.
> > > As
> > > > > an ISP, I know that every once in a blue moon somebody pulls a fast
> > > > > one on me and signs up for my service and sends out about a good
> > > 50 to
> > > > > 60 thousand messages. Now I don't want my domain name or IP ranges
> > > > > blacklisted beacause of this on guy.
> > > > >
> > > > > I am currenty running red hat using sendmail and qpopper. I want to
> > > > > swith to xmail for easier for two major reasons: 1) I will be on
> > > > > windows, which is where this particular application should be, and
> > > 2)
> > > > > I can easier implement virus protection. Unfortunately, there is
> > > one
> > > > > major thing holding me back, SPAMASSASSIN. This program works like
> > > a
> > > > > dream to fight spam. I normally get about 70 to 80 Spams a day, but
> > > > > with SpamAssassin, this is cust down to about 2 or 3.
> > > > >
> > > > > For those of you that aren't familiar with it, SpamAssassin works
> > > on a
> > > > > ranking system and performs a number of checks on incoming mail,
> > > based
> > > > > on the score, it can determine whether a message is spam. It works
> > > > > VERY WELL. The only problem, it has not been ported to windows.
> > > > >
> > > > > I here that DeerSoft has ported this to windows but only for the
> > > > > client side and not the server. I guess I may just have to bite the
> > > > > bullet and go to which is more important, and right now that is
> > > Virus
> > > > > Filtering.
> > > > >
> > > > > Any comments anyone, or any other windows spam solutions.
> > > > >
> > > > >
> > > > > --
> > > > > Jeff Jarchow
> > > > > QCI Internet
> > > > > http://www.qcinet.net/
> > > > >
> > > > > >
> > > > > > Does anyone know of a spam blacklist that lists domains/servers
> > > > > rather
> > > > > > than IP ranges? I think that while it may be a bit less
> > > effective,
> > > > > it
> > > > > > will lower the amout of complaints all in all.
> > > > > >
> > > > > > Oh, and can XMail interface with such lists?
> > > > > >
> > > > > > Henrik Steffen wrote:
> > > > > >
> > > > > > >Dear Peter,
> > > > > > >
> > > > > > >this is of course exactly my opinion. But talking about the -
> > > > > > >in German so-called "DAU" (d�mmster anzunehmender User - most
> > > stupid
> > > > > > >user one can imagine) the DAU will in 98 % of the cases contact
> > > US,
> > > > > > >because OUR email-address doesn't work, and still for the DAU
> > > most
> > > > > of the other
> > > > > > >addresses world-wide work. So they think it's our fault - and
> > > it's
> > > > > quite
> > > > > > >hard to convince them that it's the fault of THEIR provider and
> > > > > they'll have
> > > > > > >to contact him instead.
> > > > > > >
> > > > > > >Mit freundlichem Gru�
> > > > > > >
> > > > > > >Henrik Steffen
> > > > > > >Gesch�ftsf�hrer
> > > > > > >
> > > > > > >top concepts Internetmarketing GmbH
> > > > > > >Am Steinkamp 7 - D-21684 Stade - Germany
> > > > > > >--------------------------------------------------------
> > > > > > >http://www.topconcepts.com Tel. +49 4141 991230
> > > > > > >mail: [EMAIL PROTECTED] Fax. +49 4141 991233
> > > > > > >--------------------------------------------------------
> > > > > > >24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
> > > > > > >--------------------------------------------------------
> > > > > > >System-Partner gesucht: http://www.franchise.city-map.de
> > > > > > >--------------------------------------------------------
> > > > > > >Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
> > > > > > >--------------------------------------------------------
> > > > > > >
> > > > > > >----- Original Message -----
> > > > > > >From: "Peter Lindeman" <[EMAIL PROTECTED]>
> > > > > > >To: <[EMAIL PROTECTED]>
> > > > > > >Sent: Thursday, August 01, 2002 11:15 PM
> > > > > > >Subject: [xmail] Re: Using SpamCop
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >>Henrik Steffen wrote:
> > > > > > >>
> > > > > > >>
> > > > > > >>
> > > > > > >>>and yes: we do still have complaints from people that can't
> > > send
> > > > > mail
> > > > > > >>>to us, or even worse: to our customers. We are hosting about
> > > 2.000
> > > > > > >>>mail-domains on our mailserver.
> > > > > > >>>
> > > > > > >>>
> > > > > > >>Well I think it is very simply. If a person can't mail he/she
> > > > > should
> > > > > > >>complain at their provider. They screwed up so they should fix
> > > the
> > > > > > >>troubles. This is the only way to fight spam. The more people
> > > use
> > > > > it
> > > > > > >>this way the earlier spam belongs to the past.
> > > > > > >>
> > > > > > >>--
> > > > > > >>Groeten,
> > > > > > >>Peter
> > > > > > >>
> > > > > > >>--
> > > > > > >>Diplomacy is the art of saying 'Nice doggie!'... till you can
> > > find
> > > > > a rock.
> > > > > > >>
> > > > > > >>---
> > > > > > >>--- Heb je een Sony Digital video camera ?
> > > > > > >>--- Kijk eens op http://www.dvin.org
> > > > > > >>--- Kijk ook op http://www.lindeman.org
> > > > > > >>--- ICQ 22383596
> > > > > > >>--- Uptime lindeman.org : 1 days, 6 hours and 10 minutes, 0
> > > users
> > > > > logged in.
> > > > > > >>
> > > > > > >>
> > > > > > >>-
> > > > > > >>To unsubscribe from this list: send the line "unsubscribe
> > > xmail" in
> > > > > > >>the body of a message to [EMAIL PROTECTED]
> > > > > > >>For general help: send the line "help" in the body of a
> > > message to
> > > > > > >>[EMAIL PROTECTED]
> > > > > > >>
> > > > > > >>
> > > > > > >>
> > > > > > >
> > > > > > >-
> > > > > > >To unsubscribe from this list: send the line "unsubscribe
> > > xmail" in
> > > > > > >the body of a message to [EMAIL PROTECTED]
> > > > > > >For general help: send the line "help" in the body of a message
> > > to
> > > > > > >[EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > -
> > > > > > To unsubscribe from this list: send the line "unsubscribe xmail"
> > > in
> > > > > > the body of a message to [EMAIL PROTECTED]
> > > > > > For general help: send the line "help" in the body of a message
> > > to
> > > > > > [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > > -
> > > > > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > > > > the body of a message to [EMAIL PROTECTED]
> > > > > For general help: send the line "help" in the body of a message to
> > > > > [EMAIL PROTECTED]
> > > > >
> > > >
> > > > -
> > > > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > > > the body of a message to [EMAIL PROTECTED]
> > > > For general help: send the line "help" in the body of a message to
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > > the body of a message to [EMAIL PROTECTED]
> > > For general help: send the line "help" in the body of a message to
> > > [EMAIL PROTECTED]
> > >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
