My bad! I seem to forget from time to time that I'm still running QSQ 1.16
Attached is a version of FFS that should work with 1.20 John Narron | "Sacrifice, they always say Network Administration | Is a sign of nobility CDS/CDSinet, LLC | But where does one draw the line http://www.cdsinet.net | In the face of injury?" (660) 886 4045 | - Queensryche ----- Original Message ----- From: "Jason Staudenmayer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, March 03, 2004 11:46 AM Subject: RE: [Qmail-scanner-general]Bagle-h and password protected ZIP files > Looks like the script causes an error over here. > 03/03/2004 12:48:14:22344: error_condition: X-Qmail-Scanner-1.20: Requeuing: > Undefined subroutine &main::tempfail called at > /var/qmail/bin/qmail-scanner-queue.pl line 2345. > > Any clues? > > -----Original Message----- > From: John Narron [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 02, 2004 1:35 PM > To: [EMAIL PROTECTED] > Subject: Re: [Qmail-scanner-general]Bagle-h and password protected ZIP files > > > I've been blocking Bagle-H and Bagle-I using the fileformat-scanner I wrote > and submitted about a week ago. Bagle-H and Bagle-I seem to be using some > off-the-wall ZIP compressor that none of the other ZIP compressors (like > InfoZip and WinZip) use, which makes for a somewhat unique header to track > these things. I've attached the PERL code to this e-mail. This code also > blocks UPX compressed binaries as well (I've yet to see any UPX binary come > through via e-mail that wasn't a virus of some sort). > > It is some crude code, and could be improved. If there's a demand for it, > I'll work to improve it more. To "install", just add this code to the end > of the qmail-scanner-queue.pl and add "fileformat_scanner" to the scanner > array. Eg: > > # cat ffs_scanner.pl >> /var/qmail/bin/qmail-scanner-queue.pl > # vi /var/qmail/bin/qmail-scanner-queue.pl > ... > #Array of virus scanners used must point to subroutines > my @scanner_array=("fileformat_scanner", ... ); > > > > John Narron | "Sacrifice, they always say > Network Administration | Is a sign of nobility > CDS/CDSinet, LLC | But where does one draw the line > http://www.cdsinet.net | In the face of injury?" > (660) 886 4045 | - Queensryche > > ----- Original Message ----- > From: "CertaintyTech-Ed" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, March 02, 2004 12:17 PM > Subject: [Qmail-scanner-general]Bagle-h and password protected ZIP files > > > > Anyone else seeing the Bagle-H virus getting thru? I am using Q-S and > > sophie and it is not stopping them. Sophie sees that the ZIP file is > > password encrypted so can't check it for viruses and Q-S goes ahead and > > passes it thru. Does anyone know of any way to catch this one? For now > > I am blocking all ZIP attachments... > > > > Thanks, > > --- > > Ed > > > > > > > > ------------------------------------------------------- > > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > > Build and deploy apps & Web services for Linux with > > a free DVD software kit from IBM. Click Now! > > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > > _______________________________________________ > > Qmail-scanner-general mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general > > > > > > > ------------------------------------------------------- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > _______________________________________________ > Qmail-scanner-general mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general > >
ffs-scanner-120.pl
Description: Perl program
