Looks like the script causes an error over here. 03/03/2004 12:48:14:22344: error_condition: X-Qmail-Scanner-1.20: Requeuing: Undefined subroutine &main::tempfail called at /var/qmail/bin/qmail-scanner-queue.pl line 2345.
Any clues? -----Original Message----- From: John Narron [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 1:35 PM To: [EMAIL PROTECTED] Subject: Re: [Qmail-scanner-general]Bagle-h and password protected ZIP files I've been blocking Bagle-H and Bagle-I using the fileformat-scanner I wrote and submitted about a week ago. Bagle-H and Bagle-I seem to be using some off-the-wall ZIP compressor that none of the other ZIP compressors (like InfoZip and WinZip) use, which makes for a somewhat unique header to track these things. I've attached the PERL code to this e-mail. This code also blocks UPX compressed binaries as well (I've yet to see any UPX binary come through via e-mail that wasn't a virus of some sort). It is some crude code, and could be improved. If there's a demand for it, I'll work to improve it more. To "install", just add this code to the end of the qmail-scanner-queue.pl and add "fileformat_scanner" to the scanner array. Eg: # cat ffs_scanner.pl >> /var/qmail/bin/qmail-scanner-queue.pl # vi /var/qmail/bin/qmail-scanner-queue.pl ... #Array of virus scanners used must point to subroutines my @scanner_array=("fileformat_scanner", ... ); John Narron | "Sacrifice, they always say Network Administration | Is a sign of nobility CDS/CDSinet, LLC | But where does one draw the line http://www.cdsinet.net | In the face of injury?" (660) 886 4045 | - Queensryche ----- Original Message ----- From: "CertaintyTech-Ed" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 02, 2004 12:17 PM Subject: [Qmail-scanner-general]Bagle-h and password protected ZIP files > Anyone else seeing the Bagle-H virus getting thru? I am using Q-S and > sophie and it is not stopping them. Sophie sees that the ZIP file is > password encrypted so can't check it for viruses and Q-S goes ahead and > passes it thru. Does anyone know of any way to catch this one? For now > I am blocking all ZIP attachments... > > Thanks, > --- > Ed > > > > ------------------------------------------------------- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > _______________________________________________ > Qmail-scanner-general mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general > > ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
