Looks like that did it, SWEET!
-----Original Message-----
From: John Narron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 3:38 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]Bagle-h and password protected ZIP files
Again, I wrote this on v1.16, and should've tested it on v1.20 first.
So if this is screwing up people's systems, hey I'm sorry :)
Seems Mr Haar is using $ENV{'TMPDIR'} to indicate where the to-be-scanned
stuff is. So here's a new one. Praying to god this one works for ya.
I tried to send it, as a joke of course, in an encrypted .ZIP file, but:
<[EMAIL PROTECTED]>:
66.35.250.206 failed after I sent the message.
Remote host said: 550-For the time being, we are blocking all mail with the
.zip extentsion. If
550 this this is a problem, please open a Support Request on the SF.net
webite.
So no joy, just a regular .pl file :)
John Narron | "Sacrifice, they always say
Network Administration | Is a sign of nobility
CDS/CDSinet, LLC | But where does one draw the line
http://www.cdsinet.net | In the face of injury?"
(660) 886 4045 | - Queensryche
----- Original Message -----
From: "Jason Staudenmayer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 1:51 PM
Subject: RE: [Qmail-scanner-general]Bagle-h and password protected ZIP files
> Ok reapplied and now this.
> error_condition: X-Qmail-Scanner-1.20: ffs: cannot open
> "/var/spool/qmailscan/working/tmp/server.domain.org107834368651125290"
> I also changed the $scandir to include $wmaildir/tmp that's were the other
> process are scanning.
>
> -----Original Message-----
> From: John Narron [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 03, 2004 2:35 PM
> To: Jason Staudenmayer; [EMAIL PROTECTED]
> Subject: Re: [Qmail-scanner-general]Bagle-h and password protected ZIP
files
>
>
> I installed v1.20 on a test server, and I'm not getting this error.
>
> Perhaps there was a problem with saving the attachment. If you just
simple
> cut&paste it, maybe the code got munged. Check like 2352 in
> /var/qmail/bin/qmail-scanner-queue.pl .. its probably missing a _
(probably
> a $ffs_time variable and somehow $ffs got seperated from _time)..
>
> John Narron | "Sacrifice, they always say
> Network Administration | Is a sign of nobility
> CDS/CDSinet, LLC | But where does one draw the line
> http://www.cdsinet.net | In the face of injury?"
> (660) 886 4045 | - Queensryche
>
> ----- Original Message -----
> From: "Jason Staudenmayer" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, March 03, 2004 1:06 PM
> Subject: RE: [Qmail-scanner-general]Bagle-h and password protected ZIP
files
>
>
> > Still no luck
> > Global symbol "$ffs" requires explicit package name at
> > /var/qmail/bin/qmail-scanner-queue.pl line 2352.
> > This is a hard error q-s fails to run.
> > Execution of /var/qmail/bin/qmail-scanner-queue.pl aborted due to
> > compilation errors.
> >
> >
> > -----Original Message-----
> > From: John Narron [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, March 03, 2004 1:03 PM
> > To: Jason Staudenmayer; [EMAIL PROTECTED]
> > Subject: Re: [Qmail-scanner-general]Bagle-h and password protected ZIP
> files
> >
> >
> > My bad!
> >
> > I seem to forget from time to time that I'm still running QSQ 1.16
> >
> > Attached is a version of FFS that should work with 1.20
> >
> > John Narron | "Sacrifice, they always say
> > Network Administration | Is a sign of nobility
> > CDS/CDSinet, LLC | But where does one draw the line
> > http://www.cdsinet.net | In the face of injury?"
> > (660) 886 4045 | - Queensryche
> >
> > ----- Original Message -----
> > From: "Jason Staudenmayer" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 03, 2004 11:46 AM
> > Subject: RE: [Qmail-scanner-general]Bagle-h and password protected ZIP
> files
> >
> >
> > > Looks like the script causes an error over here.
> > > 03/03/2004 12:48:14:22344: error_condition: X-Qmail-Scanner-1.20:
> > Requeuing:
> > > Undefined subroutine &main::tempfail called at
> > > /var/qmail/bin/qmail-scanner-queue.pl line 2345.
> > >
> > > Any clues?
> > >
> > > -----Original Message-----
> > > From: John Narron [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, March 02, 2004 1:35 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [Qmail-scanner-general]Bagle-h and password protected ZIP
> > files
> > >
> > >
> > > I've been blocking Bagle-H and Bagle-I using the fileformat-scanner I
> > wrote
> > > and submitted about a week ago. Bagle-H and Bagle-I seem to be using
> some
> > > off-the-wall ZIP compressor that none of the other ZIP compressors
(like
> > > InfoZip and WinZip) use, which makes for a somewhat unique header to
> track
> > > these things. I've attached the PERL code to this e-mail. This code
> also
> > > blocks UPX compressed binaries as well (I've yet to see any UPX binary
> > come
> > > through via e-mail that wasn't a virus of some sort).
> > >
> > > It is some crude code, and could be improved. If there's a demand for
> it,
> > > I'll work to improve it more. To "install", just add this code to the
> end
> > > of the qmail-scanner-queue.pl and add "fileformat_scanner" to the
> scanner
> > > array. Eg:
> > >
> > > # cat ffs_scanner.pl >> /var/qmail/bin/qmail-scanner-queue.pl
> > > # vi /var/qmail/bin/qmail-scanner-queue.pl
> > > ...
> > > #Array of virus scanners used must point to subroutines
> > > my @scanner_array=("fileformat_scanner", ... );
> > >
> > >
> > >
> > > John Narron | "Sacrifice, they always say
> > > Network Administration | Is a sign of nobility
> > > CDS/CDSinet, LLC | But where does one draw the line
> > > http://www.cdsinet.net | In the face of injury?"
> > > (660) 886 4045 | - Queensryche
> > >
> > > ----- Original Message -----
> > > From: "CertaintyTech-Ed" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, March 02, 2004 12:17 PM
> > > Subject: [Qmail-scanner-general]Bagle-h and password protected ZIP
files
> > >
> > >
> > > > Anyone else seeing the Bagle-H virus getting thru? I am using Q-S
and
> > > > sophie and it is not stopping them. Sophie sees that the ZIP file
is
> > > > password encrypted so can't check it for viruses and Q-S goes ahead
> and
> > > > passes it thru. Does anyone know of any way to catch this one? For
> now
> > > > I am blocking all ZIP attachments...
> > > >
> > > > Thanks,
> > > > ---
> > > > Ed
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> > > > Build and deploy apps & Web services for Linux with
> > > > a free DVD software kit from IBM. Click Now!
> > > > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> > > > _______________________________________________
> > > > Qmail-scanner-general mailing list
> > > > [EMAIL PROTECTED]
> > > > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
> > > >
> > > >
> > >
> > >
> > > -------------------------------------------------------
> > > SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> > > Build and deploy apps & Web services for Linux with
> > > a free DVD software kit from IBM. Click Now!
> > > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> > > _______________________________________________
> > > Qmail-scanner-general mailing list
> > > [EMAIL PROTECTED]
> > > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
> > >
> > >
> >
> >
> > -------------------------------------------------------
> > SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> > Build and deploy apps & Web services for Linux with
> > a free DVD software kit from IBM. Click Now!
> > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> > _______________________________________________
> > Qmail-scanner-general mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
> >
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> Qmail-scanner-general mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
>
>
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
