[linux-guvenlik] Re: Sample

---------


From: Serdar KOYLU (serdar@uludag.org.tr)
Date: Tue 24 Aug 2004 - 20:54:08 EEST


Greetings..

Below is a simple script written for this purpose, which you can use
like spamassassin. If the mailing list administrators add it, I think it
may be possible to block these kinds of unnecessary viruses.

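#!/bin/bash
# Reads a mail message on stdin. Exit code 1: a Content-Type line names a
# .zip, .pif or .scr file; exit code 0: nothing found.
npart=1
nline=0
nx=''
prc='YES'
exitstat=0
found='no'
# IFS= and -r keep leading whitespace and backslashes in each line intact.
while IFS= read -r i; do

#if [ "$prc" == 'YES' ]; then
    hdr=$(printf '%s\n' "$i"|cut -d ':' -f 1)
    if [ "$hdr" == "Content-Type" ]; then
        if [ "$prc" == "YES" ]; then
            # search attachment: third space-separated field, e.g. name="x.zip"
            atch=$(printf '%s\n' "$i"|cut -d ' ' -f 3)
            #echo $atch
            fname=$(echo "$atch"|cut -d '=' -f 2)
            xtest=$(echo "$fname"|cut -d '=' -f 2)
            xtest=$(echo "$xtest" |grep -E -e '\.zip"$' -e '\.pif"$' \
                -e '\.scr"$')
            #echo "L:$i A:$atch F:$fname T:$xtest" >>/tmp/flog
            if [ "$xtest" != "" ]; then
                exitstat=1
                found='yes'
                prc='NO'
                #echo "Found Windows file" >>/tmp/flog
            fi
            # remember the multipart boundary string if this line declares one
            np=$(printf '%s\n' "$i"|grep "boundary=")
            if [ "$np" != "" ]; then
                nx=$(echo "$np"|cut -d '=' -f 2-)
                nx=$(echo "$nx"|cut -d '"' -f 2)
            fi
        fi
    else
        if [ "$nx" != "" ]; then
            # fixed-string match: the boundary is literal text, not a regex
            t=$(printf '%s\n' "$i"|grep -F -e "$nx")
        else
            t=""
        fi
        #echo $i of $t is grep \'$nx\'
        if [ "$t" != "" ]; then
            # boundary line: a new part starts
            npart=1
            nline=0
        elif [ "$i" != "" ]; then
            nline=0
            npart=0
        elif [ "$npart" == "1" ]; then
            # empty line directly after a boundary; stop after two of them
            nline=$((nline+1))
            if [[ $nline == 2 && $npart == 1 ]]; then
                exitstat=2
                prc='NO'
            fi
        fi
    fi
    if [ "$exitstat" == '2' ]; then
        break
    fi
done
# exit code 2 is only used internally to leave the loop early
exitstat=0

if [ "$found" == "yes" ]; then
    echo "FOUND: $found"
    exitstat=1
fi

exit $exitstat
#--------------------------------------- End of script..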

If the script encounters an attachment such as zip etc., it terminates
with exit code 1. For me, it works well together with evolution. It is a
bit slow, but it will do..

Regards and best wishes..

> Friends, I am tired of seeing the nonsensical messages these viruses
> send.
> They also create unnecessary message traffic.
>
> Can we find a solution to this?
> --
> Kaya Büyükçelen <kaya@buyukcelen.com>
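
Added example, not part of the original post or of any list software: a POSIX sh variant of the attachment check described in the message above that also unfolds folded header lines, reads Content-Disposition, and compares extensions case-insensitively. The function name, the sample messages and the regular expression are constructed for illustration; RFC 2231 encoded file names (filename*=) are not handled.

```sh
#!/bin/sh
# Added example (not from the original post). All names and samples are constructed.

# Exit status 0 if a Content-Type or Content-Disposition header on stdin
# declares a file name ending in .zip, .pif or .scr; 1 otherwise.
has_blocked_attachment() {
    tr -d '\r' |                          # tolerate CRLF line endings
    awk '
        /^[ \t]/ { hdr = hdr " " $0; next }      # continuation of a folded header
        { if (hdr != "") print hdr; hdr = $0 }   # emit the completed logical line
        END { if (hdr != "") print hdr }
    ' |
    tr '[:upper:]' '[:lower:]' |          # header names and extensions: any case
    grep -E '^content-(type|disposition):' |
    grep -Eq 'name="?[^";]*\.(zip|pif|scr)"?[[:space:]]*(;|$)'
}

# Constructed sample: file name on a folded line, upper-case extension.
sample_folded() {
    printf 'From: someone@example.org\n'
    printf 'Content-Type: multipart/mixed; boundary="xyz"\n\n--xyz\n'
    printf 'Content-Type: application/octet-stream;\n\tname="Document.ZIP"\n'
    printf '\n(constructed body)\n--xyz--\n'
}

# Constructed sample: file name only in Content-Disposition, unquoted.
sample_disposition() {
    printf 'Content-Type: application/octet-stream\n'
    printf 'Content-Disposition: attachment; filename=photo.scr\n\n(body)\n'
}

# Constructed sample: nothing to block; ".zip" appears only mid-name and in the body.
sample_clean() {
    printf 'Content-Type: text/plain; charset="us-ascii"\n'
    printf 'Content-Disposition: attachment; filename="notes.zip.txt"\n\n'
    printf 'Please see report.zip on the share.\n'
}

for s in sample_folded sample_disposition sample_clean; do
    if "$s" | has_blocked_attachment; then
        echo "$s: FOUND"
    else
        echo "$s: clean"
    fi
done
```

As a delivery filter the function's status would be inverted by the caller, since the script in the message signals a hit with exit code 1.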



---------

This archive was generated by hypermail 2.1.2.