Sobig.F Filter on Heise.de security

To: <debian-isp@lists.debian.org>
Subject: Sobig.F Filter on Heise.de security
From: Soenke <s@lindenarea.net>
Date: Thu, 21 Aug 2003 09:29:00 +0200
Message-id: <[🔎] 200308210929.00498.s@lindenarea.net>

Hi all,

here: http://www.heise.de/security/news/meldung/39589 (german) you can find a 
simple filter for sendmail (below) and exim. Now I'd like to know how to 
integrate that into sendmail.cf or better sendmail.mc and an external file so 
I can integrate it as a FEATURE or something.
Of course they, as well as me, don't give any warranty for this code.


TIA,
	Sönke

Oh and sorry if this is way OT for this group.

----------------------------------------------
LOCAL_CONFIG Kstorage macro

LOCAL_RULESETS
HX-MailScanner:         $>+CheckDateXMSc
D{SobigFPat}Found to be clean
D{SobigFMsg}This message may contain the Sobig.F virus.

SCheckDateXMSc
R${SobigFPat} $*        $: $(storage {SobigFCheck} $@ SobigF $) $1
R$*                     $@ OK

HMessage-Id:            $>CheckMessageId

SCheckMessageId
# Record the presence of the header
R$*                     $: $(storage {MessageIdCheck} $@ OK $) $1
R$*                     $@ OK

Scheck_eoh
# Check the macro
R$*                     $: < $&{MessageIdCheck} >
# Clear the macro for the next message
R$*                     $: $(storage {MessageIdCheck} $) $1
R< $+ >                 $@ $>ClearSobig
R$*                     $: < $&{SobigFCheck} >
R$*                     $: $(storage {SobigFCheck} $) $1
R< SobigF >             $#error $: 553 ${SobigFMsg}
R$*                     $@ OK

SClearSobig
R$*                     $: $(storage {SobigFCheck} $) $1
R$*                     $@ OK

Reply to:

Prev by Date: Re: Promise Fasttrack 100
Next by Date: Installing packages without dependencies
Previous by thread: Re: Sobig Worm/Virus (was Re: Approved)
Next by thread: Installing packages without dependencies
Index(es):
- Date
- Thread