anomy-list

Sorting with procmail

From: Kai Raven (90769@xyz.molar.is)
Date: Sat 23 Aug 2003 - 12:04:21 GMT

    Hi,

    I've been using anomy since yesterday together with f-prot
    command-line and procmail. I have a problem sorting/filtering
    anomy-tagged e-mails, because anomy delivers only the known x-headers
    X-Anomy-Sanitizer: Gotcha!
    X-Gotcha: Sanitizer!
    for all kinds of anomalies and the log.
    So some postings to mailing-lists without attached viruses are
    transferred to my virus-folder too.

    I have set in my sanitizer.cfg:
    file_list_1_scanner = 0:3,6:8:/usr/local/bin/f-prot -ai -archive -dumb %FILENAME
    file_list_1_policy = unknown:mangle:defang:warn
    file_list_1 = (?i)(winmail\.dat
    file_list_1 += |\.(exe|vb[es]|c(om|hm)|bat|pif|s(ys|cr))
    file_list_1 += (\.g?z|\.bz\d?)*)$

    and in my .procmailrc:

    :0fw: anomy.lock
    | /usr/local/anomy/bin/sanitizer.pl /home/hiro/.anomy/sanitizer.cfg

    :0BDA
    * ^.*SanitizeFile.*filename.*mimetype.*application/octet-stream
    $QUARA

    With the f-prot command above, f-prot shows, for a message contaminated
    with Sobig:
    /virustest.msg->your_details.pif Infection: W32/Sobig.F@mm
    and in the result overview:
    Infected: 1
    Suspicious: 0

    So it would be nice to have an additional x-header like
    x-anomy-result: Infection: Virusname or
    x-anomy-result: Infected|Suspicious

    I have played with the check_for_viruses script, which shows:
    VIRUS : W32/Sobig.F@mm

    So my question is, how can I integrate the output of the check script
    or f-prot in procmail to get a better filtering/sorting or how do you do
    that? ;)

    Ciao
    Kai

    WWW: http://kai.iks-jena.de/
    GPG-Key: 0x60F3882F / 0x76C65282
    ICQ:146714798
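
One way to get a sortable verdict header, as an added example that is not part of the original post and not Anomy's own code: a POSIX shell filter that parses the "Infection:" report line quoted above and writes the result into the message headers. The header name X-Scan-Result and the function names are hypothetical, and it assumes the scanner prints some report text even for clean mail.

```shell
#!/bin/sh
# Added example. The header name X-Scan-Result and all function names are
# hypothetical; the report line format is the one quoted in the post.

# Reduce a scanner report (stdin) to a one-line verdict.
scan_result() {
    report=$(cat)
    # No output at all means the scanner did not run: do not report Clean.
    [ -n "$report" ] || { echo "Unknown"; return 0; }
    # The greedy match keeps only the text after the last "Infection:" on
    # the line, so a crafted attachment name earlier on the line cannot
    # replace the scanner's own name. tr then limits the character set so
    # nothing can inject extra header lines.
    name=$(printf '%s\n' "$report" | sed -n 's/.*Infection: *//p' |
           head -n 1 | tr -cd 'A-Za-z0-9/._@-')
    if [ -n "$name" ]; then echo "Infected $name"; else echo "Clean"; fi
}

# Write the message on stdin with "X-Scan-Result: $1" as its last header,
# dropping any copy of that header (and its folded lines) from the sender.
tag_message() {
    HDR="X-Scan-Result: $1" awk '
        inbody { print; next }
        /^$/ { print ENVIRON["HDR"]; print; inbody = 1; next }
        tolower($0) ~ /^x-scan-result:/ { skip = 1; next }
        skip && /^[ \t]/ { next }
        { skip = 0; print }
        END { if (!inbody) print ENVIRON["HDR"] }'
}

# Filter for a procmail ":0fw" recipe: scan the message with the command
# given as arguments (message file name appended), then tag it.
filter_message() {
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    verdict=$("$@" "$tmp" 2>/dev/null | scan_result)
    tag_message "$verdict" < "$tmp"
    rm -f "$tmp"
}
```

Called from a wrapper script as filter_message /usr/local/bin/f-prot -ai -archive -dumb under a :0fw recipe, it lets a later recipe sort on a header condition such as * ^X-Scan-Result: Infected instead of on the generic Anomy tags.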


