On Wed, Jun 19, 2002 at 02:39:37PM +1200, Jason Haar wrote:

> On Tue, Jun 18, 2002 at 07:35:55PM +0200, Jens Benecke wrote:
> > Where in qmail-scanner would I have to do this? As a first step,
> > how/where do I extract the Received: headers so that it appears in the
> > notification e-mail sent to root?
> Given that you're about the 20th person to ask for this functionality, I'm
> going to add it to the next release of Qmail-Scanner.
> v1.13 will include ALL headers in the quarantine report from now on.

Great! :)

One problem remains, though - maybe you should make that very clear in
the docs (or even in the install script): If the mail server where
qmail-scanner is installed is relaying for a group of IPs, the viruses
can (and do) forge mail envelope addresses.

When somebody here gets infected by Klez (for example), the virus uses
random MAIL FROM: and RCPT TO: addresses and all these people get
spammed with warnings by qmail-scanner - although often they don't have
anything to do with the virus, and are not [af|in]fected.


What I would like to have is a version of qmail-scanner that can
also act on the IP the mail was received from, not only the mail
envelopes. I have seen $TCPREMOTEIP and other variables in the perl
script but I don't seem to be able to figure out where to put my
extensions.

(I want to call an external program with the IP or hostname, which then
uses snmpget to block the hub port of the infected machine.)


How do I do this?


-- 
mfg, Jens Benecke  /// www.hitchhikers.de, www.linuxfaq.de, www.linux.ms
This mail is an attachment? Read http://www.jensbenecke.de/misc/outlook.html
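Added example, not part of the original message and not qmail-scanner code: one way the external program described above could decide what to do from the connection's source IP rather than the forgeable envelope. It reads the `TCPREMOTEIP` variable mentioned in the message; the relay network, the helper path and the function names are constructed or hypothetical, and how qmail-scanner would invoke the program is left open.

```python
import ipaddress
import os
import subprocess

# Constructed values: the networks this server relays for, and a hypothetical
# site-local helper that maps an IP to a hub port and disables it via SNMP.
RELAY_NETS = [ipaddress.ip_network("192.168.10.0/24")]
BLOCK_HELPER = "/usr/local/sbin/block-hub-port"  # hypothetical path


def parse_remote_ip(raw):
    """Return an IPv4Address, or None if the value is not a plain dotted quad."""
    try:
        return ipaddress.IPv4Address((raw or "").strip())
    except ipaddress.AddressValueError:
        return None


def decide(env):
    """Choose an action from the source IP of the SMTP connection."""
    ip = parse_remote_ip(env.get("TCPREMOTEIP"))
    if ip is None:
        # Missing or malformed value: change nothing, run nothing.
        return {"action": "ignore", "notify_envelope": True, "argv": None}
    if any(ip in net for net in RELAY_NETS):
        # A relayed client sent the virus. Its MAIL FROM / RCPT TO are
        # untrustworthy, so warn only the admin and contain the host.
        return {"action": "contain", "notify_envelope": False,
                "argv": [BLOCK_HELPER, str(ip)]}
    # Outside the relayed networks there is no port to block; keep the
    # scanner's normal reporting (assumption: default behaviour unchanged).
    return {"action": "report", "notify_envelope": True, "argv": None}


def run(env, dry_run=True):
    """Apply the decision; with dry_run=True only return what would happen."""
    decision = decide(env)
    if decision["argv"] and not dry_run:
        # argv list, no shell: the IP is never interpreted as shell syntax.
        subprocess.run(decision["argv"], check=True, timeout=30)
    return decision


if __name__ == "__main__":
    print(run(os.environ))
```

Only a value that parses as a single IPv4 address and falls inside the relayed networks ever reaches the helper, so a spoofed or garbage variable cannot trigger a port shutdown.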


_______________________________________________
Qmail-scanner-general mailing list
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
