I think that if I quarantine somenthing I need a notifications but if I don`t have notifications, quarantining is a waste of time and hard disk space.
But notifications are useful. So I've prepare a little piece of code to drop "myDoom" and don't send notification, here it is:
AFTER THIS CODE:
#Now, start the scanners!
#if (!$quarantine_event) {
&init_scanners;
#}INSERT:
# MyDoom
if ($quarantine_description=~/doom/i) {
&debug("myDoom: Another myDoom virus, dropping");
#&minidebug("myDoom: Another myDoom virus, dropping");
&cleanup;
&debug("--- all finished. Total of ",tv_interval ($start_time, [gettimeofday])," secs");
#&minidebug("------ Process $$ finished. Total of ",tv_interval ($start_time, [gettimeofday])," secs");
close(LOG);
exit 0;
}
Remember that all the lines must finish in a ";" or "{" or "}" so pay attention to the lines that your mailer will wrap...
If you are using version "1.20st", you can uncomment the "minidebug" lines.
I am thinking about this ideas:
1) The lastest viruses/worms always use a faked sender. Notifications??
2) If a virus scanner finds a virus, Is it useful to quarantine it?
3) I can reject a virus in the smtp session instead of notifying the sender...
4) Woul be useful to add a "delete_virus_array" similar at "silent_virus_array"?
5) There is no point in run first perl scanner (Jason was right)
I am working in a new version of my patch, any comments about this ideas or others are wellcome.
Regards
Salvatore
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
