ps. Next time can you put your Perl File in an encrypted zip file? :)
-Ryan Pavely Research And Development Net Access Corporation
John Narron wrote:
My bad!
I seem to forget from time to time that I'm still running QSQ 1.16
Attached is a version of FFS that should work with 1.20
John Narron | "Sacrifice, they always say Network Administration | Is a sign of nobility CDS/CDSinet, LLC | But where does one draw the line http://www.cdsinet.net | In the face of injury?" (660) 886 4045 | - Queensryche
----- Original Message ----- From: "Jason Staudenmayer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 11:46 AM
Subject: RE: [Qmail-scanner-general]Bagle-h and password protected ZIP files
Looks like the script causes an error over here.Requeuing:
03/03/2004 12:48:14:22344: error_condition: X-Qmail-Scanner-1.20:
filesUndefined subroutine &main::tempfail called at /var/qmail/bin/qmail-scanner-queue.pl line 2345.
Any clues?
-----Original Message-----
From: John Narron [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 1:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]Bagle-h and password protected ZIP
I've been blocking Bagle-H and Bagle-I using the fileformat-scanner Iwrote
and submitted about a week ago. Bagle-H and Bagle-I seem to be using somecome
off-the-wall ZIP compressor that none of the other ZIP compressors (like
InfoZip and WinZip) use, which makes for a somewhat unique header to track
these things. I've attached the PERL code to this e-mail. This code also
blocks UPX compressed binaries as well (I've yet to see any UPX binary
through via e-mail that wasn't a virus of some sort).
It is some crude code, and could be improved. If there's a demand for it, I'll work to improve it more. To "install", just add this code to the end of the qmail-scanner-queue.pl and add "fileformat_scanner" to the scanner array. Eg:
# cat ffs_scanner.pl >> /var/qmail/bin/qmail-scanner-queue.pl # vi /var/qmail/bin/qmail-scanner-queue.pl ... #Array of virus scanners used must point to subroutines my @scanner_array=("fileformat_scanner", ... );
John Narron | "Sacrifice, they always say Network Administration | Is a sign of nobility CDS/CDSinet, LLC | But where does one draw the line http://www.cdsinet.net | In the face of injury?" (660) 886 4045 | - Queensryche
----- Original Message ----- From: "CertaintyTech-Ed" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 02, 2004 12:17 PM
Subject: [Qmail-scanner-general]Bagle-h and password protected ZIP files
Anyone else seeing the Bagle-H virus getting thru? I am using Q-S and sophie and it is not stopping them. Sophie sees that the ZIP file is password encrypted so can't check it for viruses and Q-S goes ahead and passes it thru. Does anyone know of any way to catch this one? For now I am blocking all ZIP attachments...
Thanks, --- Ed
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
