Re: Dropping infected emails...

From: Bjarni R. Einarsson
Date: Wed 09 Oct 2002 - 17:04:02 GMT

    On 2002-10-07, 18:23:19 (+0100), Mike Scott wrote:
    > Hello, being fed up with the amount of spam and virus email that I'm
    > receiving via my website, I've just finished configuring anomy to drop any
    > dangerous attachments.. although, it would be much better if I could
    > configure it to drop, or better, archive the entire email (usually virus
    > mails)...
    > This is trivial to do with procmail, but it would be really useful to have a
    > header inserted into the email with some sort of status (i.e. ACCEPT, SAVE,
    > or DROP) depending on what action Anomy took with the email's
    > attachments...

    I keep getting this question... basically, the answer is "nope" -
    simply because the Sanitizer is a *filter* which processes the entire
    message in a single pass.

    To add a header, it would need to make first one pass to scan the
    message and then another to add the header and then rewrite the message


    This sort of behavior can be implemented with a little help from
    Procmail or other wrapper scripts. Anomy can be configured to return a
    nonzero exit code when it encounters a virus or the modification score
    exceeds a certain amount.

    Assuming you are using procmail, the rule which passes the message
    through Anomy can be immediately followed by a rule which checks the
    exit code and if it's nonzero, either add a status header or save the
    message to a special mailbox.

    This was the idea anyway - the problem is, I've never actually gotten
    it to work because of Procmail's insistence on recovering the original
    message if the filtering rule appears to fail! :-) If anyone can get
    this to work, please share with the mailing list!

    Another solution, which isn't quite as elegant (but is OTOH much more
    flexible), is to wrap the Sanitizer in a script which will redirect
    its STDERR log to a file, which can then be grepped for indications of
    a virus infection after filtering. The ultimate fate of the message
    can then be based on what sort of info is found in the log file.

    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89                -><-    

    Check out my open-source email sanitizer: Spammers, please send plenty of email to:
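
The wrapper approach described in the reply above, as an added example that is not part of the original post or of Anomy: it buffers the filter's output, greps the captured STDERR log, and only then writes the message with a status header in front. The filter command line, the log pattern, the header name `X-Filter-Status` and the mapping of results to ACCEPT, SAVE and DROP are assumptions to adapt to your own setup.

```shell
#!/bin/sh
# Added example (not Anomy code). Assumptions: FILTER_CMD is your Sanitizer
# invocation, VIRUS_PATTERN is a string its STDERR log prints for infected
# mail, and X-Filter-Status is a hypothetical header name.
FILTER_CMD=${FILTER_CMD:-"sanitizer.pl sanitizer.cfg"}  # assumed invocation
VIRUS_PATTERN=${VIRUS_PATTERN:-"virus"}                 # placeholder regex

# classify LOGFILE EXITCODE: print DROP, SAVE or ACCEPT.
classify() {
    if grep -Eiq -- "$VIRUS_PATTERN" "$1"; then
        echo DROP            # log mentions an infection
    elif [ "$2" -ne 0 ]; then
        echo SAVE            # nonzero exit without a virus hit: keep for review
    else
        echo ACCEPT
    fi
}

# tag_message VERDICT: copy stdin to stdout with the status header added as
# the first header, after the mbox "From " line when one is present.
tag_message() {
    awk -v hdr="X-Filter-Status: $1" '
        NR == 1 && /^From / { print; print hdr; next }
        NR == 1             { print hdr }
                            { print }'
}

# filter_and_tag: stdin is the raw message, stdout the filtered and tagged one.
# Buffering the filter output is what supplies the "second pass".
filter_and_tag() {
    work=$(mktemp -d) || return 75
    rc=0
    sh -c "$FILTER_CMD" > "$work/out" 2> "$work/log" || rc=$?
    if [ ! -s "$work/out" ]; then
        rm -rf "$work"
        return 75            # EX_TEMPFAIL: filter produced nothing, do not lose mail
    fi
    verdict=$(classify "$work/log" "$rc")
    tag_message "$verdict" < "$work/out"
    rm -rf "$work"
    return 0                 # success even for DROP/SAVE: the header carries the verdict
}
```

Because the wrapper exits 0 whenever it has a message to hand back, the calling filter rule does not see a failure, and a later delivery rule can match on the header to drop, archive or deliver the message.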