
Sobig.F Filter on Heise.de security



Hi all,

Here: http://www.heise.de/security/news/meldung/39589 (German) you can find a 
simple filter for sendmail (below) and exim. Now I'd like to know how to 
integrate that into sendmail.cf or better sendmail.mc and an external file so 
I can integrate it as a FEATURE or something.
Of course they, as well as me, don't give any warranty for this code.


TIA,
	Sönke

Oh and sorry if this is way OT for this group.

----------------------------------------------
LOCAL_CONFIG
Kstorage macro

LOCAL_RULESETS
HX-MailScanner:         $>+CheckDateXMSc
D{SobigFPat}Found to be clean
D{SobigFMsg}This message may contain the Sobig.F virus.

SCheckDateXMSc
R${SobigFPat} $*        $: $(storage {SobigFCheck} $@ SobigF $) $1
R$*                     $@ OK

HMessage-Id:            $>CheckMessageId

SCheckMessageId
# Record the presence of the header
R$*                     $: $(storage {MessageIdCheck} $@ OK $) $1
R$*                     $@ OK

Scheck_eoh
# Check the macro
R$*                     $: < $&{MessageIdCheck} >
# Clear the macro for the next message
R$*                     $: $(storage {MessageIdCheck} $) $1
R< $+ >                 $@ $>ClearSobig
R$*                     $: < $&{SobigFCheck} >
R$*                     $: $(storage {SobigFCheck} $) $1
R< SobigF >             $#error $: 553 ${SobigFMsg}
R$*                     $@ OK

SClearSobig
R$*                     $: $(storage {SobigFCheck} $) $1
R$*                     $@ OK
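
The header test this ruleset performs, re-expressed in Python so it can be tried on sample headers before the rules go into sendmail.cf. This is an added example, not part of the original post or the Heise article; the regex only approximates sendmail's token matching, and the sample header blocks are constructed.

```python
import re
from email.parser import HeaderParser

# Text copied from the D{SobigFMsg} line of the ruleset.
SOBIG_F_MSG = "This message may contain the Sobig.F virus."
# Approximation (assumption) of sendmail's case-insensitive token match for
# "R${SobigFPat} $*": the header value must begin with "Found to be clean".
SOBIG_F_PAT = re.compile(r"^\s*found\s+to\s+be\s+clean\b", re.IGNORECASE)


def check_eoh(raw_headers: str) -> str:
    """Mirror Scheck_eoh: return "OK" or the 553 reply for one header block."""
    headers = HeaderParser().parsestr(raw_headers)
    # SCheckMessageId: any Message-Id header sets {MessageIdCheck}.
    has_message_id = headers["Message-Id"] is not None
    # SCheckDateXMSc: a matching X-MailScanner header sets {SobigFCheck}.
    sobig_flag = any(
        SOBIG_F_PAT.search(str(value))
        for value in headers.get_all("X-MailScanner", [])
    )
    # Scheck_eoh: a Message-Id clears the flag (SClearSobig) and accepts;
    # without one, a set flag leads to the 553 rejection.
    if has_message_id:
        return "OK"
    if sobig_flag:
        return "553 " + SOBIG_F_MSG
    return "OK"


# Constructed sample header blocks, not taken from real mail.
SUSPECT = (
    "From: someone@example.com\n"
    "Subject: Re: Details\n"
    "x-mailscanner: found to be clean\n"
    "\n"
)
WITH_ID = "Message-Id: <constructed.1@example.com>\n" + SUSPECT
PLAIN = "From: someone@example.com\nSubject: hello\n\n"

if __name__ == "__main__":
    for name, block in (("SUSPECT", SUSPECT), ("WITH_ID", WITH_ID), ("PLAIN", PLAIN)):
        print(name, "->", check_eoh(block))
```

A legitimate message that carries the scanner header but has no Message-Id yet is rejected by the same logic, so the check is only safe where a Message-Id is already present when check_eoh runs.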
