
Maths mail server checks

To scan incoming email on the Maths mail server, instead of having sendmail listening on port 25, we have a Perl script. This looks at the message, decides whether to allow the message through or redirect it to me, and then feeds it to sendmail. The script is originally Jim Richardson's (jimr@maths.usyd.edu.au), and he will not allow his script to be publicized. As far as virus detection is concerned, it is almost trivial; something along these lines:
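#!/usr/bin/perl --
use strict;
use warnings;
# A file name ending in an executable or archive extension, or in a {CLSID}.
my $Win_exec_file = qr!.*?\.\s*(bat|cmd|com|cpl|exe|hta|lnk|pif|rar|scr|vb[es]|z(ip)?|\{.*?\})[\s"]*($|;)!i;
while (<>) {
 print "Bad message\n" if
  # MIME name= or filename= parameter with such a file name
  m!name\s*=$Win_exec_file!i or
  # uuencoded attachment: "begin <mode> <file name>"
  ( m!^begin\s+[0-7]{1,6}\s+(\S+)\s*$! and $1 =~ m!^$Win_exec_file!i ) or
  # HTML that embeds or scripts content: iframe, object data=, VBScript
  m!<\s*iframe\b!i or
  m!<\s*object\s.*?data\s*=!i or
  m!<\s*script\s+language\s*=[\s\'\"]*vbs(cript)?!i;
}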
will probably do the job of trapping most viruses. (You might want to add other checks: see checkvirus for many other things you could check for.)
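
An added example (not Jim Richardson's script and not part of the sketch above), written in Python rather than Perl: it goes beyond the line-by-line sketch by decoding each MIME part first, so the same extension list and HTML checks also see RFC 2047 encoded-word file names and base64 or quoted-printable bodies. The names check_message, EXEC_NAME and HTML_CHECKS, the reason strings and the sample message are constructed for illustration; the uuencode "begin" check is left out.

```python
import base64, re
from email import message_from_string
from email.header import decode_header, make_header

# The page's extension list, anchored to the end of the decoded file name.
EXEC_NAME = re.compile(
    r'\.\s*(bat|cmd|com|cpl|exe|hta|lnk|pif|rar|scr|vb[es]|z(ip)?|\{.*?\})[\s"]*$', re.I)
# The page's three HTML checks, applied to the decoded body.
HTML_CHECKS = [
    ("iframe", re.compile(r"<\s*iframe\b", re.I)),
    ("object data", re.compile(r"<\s*object\s.*?data\s*=", re.I)),
    ("vbscript", re.compile(r"<\s*script\s+language\s*=[\s'\"]*vbs(cript)?", re.I)),
]

def check_message(raw):
    """Return the reasons a message looks bad; an empty list means it passes."""
    reasons = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()  # filename= or name=, RFC 2231 forms included
        if name:
            try:
                name = str(make_header(decode_header(name)))  # RFC 2047 encoded-words
            except Exception:
                reasons.append("undecodable attachment name")  # fail closed
            if EXEC_NAME.search(name):
                reasons.append("attachment name: " + name)
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""  # undo base64/quoted-printable
            html = body.decode("latin-1")  # the patterns are ASCII, so latin-1 is enough
            reasons += ["html " + label for label, rx in HTML_CHECKS if rx.search(html)]
    return reasons

# Constructed sample: base64 HTML part plus an attachment with an encoded-word name.
SAMPLE = "\n".join([
    'Content-Type: multipart/mixed; boundary="XX"',
    "",
    "--XX",
    "Content-Type: text/html; charset=us-ascii",
    "Content-Transfer-Encoding: base64",
    "",
    base64.b64encode(b'<html><IFRAME src="cid:x"></IFRAME></html>').decode(),
    "--XX",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="=?utf-8?B?%s?="' % base64.b64encode(b"report.pif").decode(),
    "",
    "--XX--",
])

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

Neither finding in the sample is visible to a check that reads the raw lines, because the file name and the HTML only appear after decoding.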


Paul Szabo psz@maths.usyd.edu.au 19 Nov 04