
Re: Warning: you may be using a chronically stupid virus scanner [Was: WARNING: YOU MAY HAVE SENT A VIRUS to dstewart@smf-law.com]

On Fri, 6 Jun 2003 07:26, Steve Langasek wrote:
> > The E-mail containing the virus has been quarantined on our mail
> > server and was not delivered to prevent possible infection.
> Good for you!

That wasn't particularly smart; the Email_Support@iNET-Systems.net address 
doesn't work anyway (quite common for such things).

I have attached a little Perl script I wrote to deal with such things; it 
sends messages informing the loser-admins about their misconfigured servers 
and uses their own email address in the From: field.  This is both a 
demonstration of why the From: field should not be trusted and a protection 
against bounces.

Please edit the script to insert your own name and email address in the body 
of the messages before use.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

use strict;
use Net::SMTP;
use Net::DNS;

# The single argument is the address the anti-virus notice came from.
die "Usage: $0 address\@domain\n" unless @ARGV == 1 && $ARGV[0] =~ /\@/;

my @addr = split('@', $ARGV[0]);
my $host = primary($addr[1]);
my $postmaster = 'postmaster@' . $addr[1];

print "host:$host\n";

my $smtp;
($smtp = Net::SMTP->new($host))
   or die "Can't connect to mail server.\n";

# Envelope: the sender and the recipient are the same address, with a copy
# to the postmaster of the same domain.
($smtp->mail($ARGV[0]))
  or die "Server doesn't like from address $ARGV[0].\n";
($smtp->to($ARGV[0]))
  or die "Server doesn't like to address $ARGV[0].\n";
($smtp->cc($postmaster))
  or die "Server doesn't like cc address $postmaster.\n";
($smtp->data()) or die "error in start data.\n";
$smtp->datasend("From: " . $ARGV[0] . "\n");
$smtp->datasend("To: " . $ARGV[0] . "\n");
$smtp->datasend("Cc: " . $postmaster . "\n");
$smtp->datasend("Subject: Your mail server is broken\n");
# Blank line separating the headers from the body.
$smtp->datasend("\n");
# The archived copy of this paragraph breaks off after "while not helping".
$smtp->datasend(
 "A correctly configured mail server will not send out virus reports to the\n"
."address listed in the From: field as the viruses send out email with fake\n"
."From: addresses.  This means that a broken mail server such as yours\n"
."which sends such messages just annoys innocent people while not helping\n"
);
$smtp->datasend("I sent this message with your address in the From field because I have received\n");
$smtp->datasend("more than enough anti-virus messages from you already.\n");
$smtp->datasend("User Name\n");
$smtp->datasend('user@example.com' . "\n");
($smtp->dataend()) or die "error in end.\n";

($smtp->quit()) or die "error in quit.\n";

# Return the IP address of the most preferred (lowest preference value) MX
# for the domain, falling back to the domain's own A record if it has no MX.
sub primary
{
  my $res = Net::DNS::Resolver->new;
  my @mx;
  my $query;
  my $rr;
  if(not @mx = mx($res, @_))
  {
    print "no mx records\n";
    $query = $res->send(@_) or die "no A records";
  }
  else
  {
    my $primary = $mx[0];
    foreach $rr (@mx)
    {
      if($rr->preference < $primary->preference)
      {
        $primary = $rr;
      }
    }
    $query = $res->search($primary->exchange) or die "Can't lookup A record.\n";
  }

  foreach $rr ($query->answer)
  {
    next unless $rr->type eq "A";
    return $rr->address;
  }
  die "No A record found.\n";
}
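
The point the message makes about the From: field, seen from the scanner's side: the notification behaviour complained about above next to one that only informs people the server is responsible for. This is an added example, not part of the original post; the domains, addresses, field names and the policy itself are assumptions.

```perl
use strict;
use warnings;

# Hypothetical site configuration.
my %LOCAL_DOMAIN = map { $_ => 1 } qw(example.org);
my $POSTMASTER   = 'postmaster@example.org';

# True if the address is in a domain this server is responsible for.
sub is_local {
    my ($addr) = @_;
    return 0 unless defined $addr && $addr =~ /\@([^\@\s]+)\z/;
    return $LOCAL_DOMAIN{ lc($1) } ? 1 : 0;
}

# Broken behaviour: believe the From: header, which the virus chose.
sub naive_targets {
    my ($msg) = @_;
    return ($msg->{header_from});
}

# Safer behaviour: the From: header is never consulted.
sub safe_targets {
    my ($msg) = @_;
    my @targets = ($POSTMASTER);
    # Local recipients are ours to inform; remote ones are not.
    push @targets, grep { is_local($_) } @{ $msg->{rcpts} };
    # The envelope sender is as forgeable as From: unless the client
    # authenticated to this server and used one of its own addresses.
    push @targets, $msg->{envelope_from}
        if $msg->{authenticated} && is_local($msg->{envelope_from});
    my %seen;
    return grep { !$seen{ lc($_) }++ } @targets;
}

# Constructed sample: a worm on a third machine forged both sender fields.
my %quarantined = (
    header_from   => 'victim@example.net',
    envelope_from => 'victim@example.net',
    authenticated => 0,
    rcpts         => [ 'alice@example.org', 'bob@example.com' ],
);

print "naive: ", join(", ", naive_targets(\%quarantined)), "\n";
print "safe:  ", join(", ", safe_targets(\%quarantined)), "\n";
```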
