[Avcheck] Per domain viruswarning

Michael Tokarev Avcheck list <avcheck@list.corpit.ru>
Mon, 27 May 2002 16:40:34 +0400


Nicolai Strom Gylling wrote:
> 
> And if shell-programming isn't my specialty :)
> 
> I think it would be nice, if it could be solved like with the
> Postfix-files, transport, relay-domains etc, with a
> domain-mapping file to an email-account getting the administrative
> mails.

This isn't something that should be done this way.  Mind you,
there are as many possible different ways to deal with infected
emails as there are users/administrators.  Next time, one will ask
for "carantine" (sorry for spelling) emails per domain, web
interface etc.  Infected handler is simple enough for this,
and it is almost trivial to customize it "to the death" --
*having* some basic shell programming knowledge.

> If it's easy to solve with some shell-scripting, perhaps you
> you give me a hint to what's the easiest way to solve it?

That's easy.  Based on infected.ex2 example.  In that script,
instead of

 VIRUS_ALERT=virus-alert # set to empty to skip administrator email

do something like:

 VIRUS_ALERT=
 for i; do
   case "$i" in
    *@domain1.tld) VIRUS_ALERT="$VIRUS_ALERT postmaster@domain1.tld" ;;
    *@sub1.domain2.tld|*@sub2.domain2.tld)
       VIRUS_ALERT="$VIRUS_ALERT postmaster@domain2.tld" ;;
    *@domain3.tld) VIRUS_ALERT="$VIRUS_ALERT postmaster@domain3.tld" ;;
    # ... more domains here ...
    *) VIRUS_ALERT="$VIRUS_ALERT postmaster@local.domain.tld" ;;
   esac
 done

 if [ $# -gt 2 ] ; then  # remove dups
   VIRUS_ALERT=`echo $VIRUS_ALERT | tr ' ' '\n' | sort -u`
 fi

Instead of listing all the domains here, you may use a map as you
suggested, and call e.g. `postmap -q' here.

The only problem is that shell IS case-sensitive, but domains aren't.
It may be a good idea to fold the domain part to lowercase before comparing
it.  E.g.

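 for i; do
   # keep only the domain part, folded to lowercase
   # (tr handles the A-Z range; sed's y command takes literal character lists only)
   i=`echo " $i" | sed -e 's/.*@//' | tr 'A-Z' 'a-z'`
   # look up the alert address for this domain, with a default if not listed
   adm=`postmap -q "$i" hash:/etc/virusalerts` || adm=postmaster@default.domain
   VIRUS_ALERT="$VIRUS_ALERT $adm"
 done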

/mjt

P.S.  Please do not top-post next time... ;)

> -----Original Message-----
> From: Michael Tokarev [mailto:mjt@tls.msk.ru]
> Sent: Saturday, 25 May 2002 4:34 PM
> To: Nicolai Strom Gylling
> Cc: avcheck@list.corpit.ru
> Subject: Re: [Avcheck] Per domain viruswarning
> 
> Nicolai Strøm Gylling wrote:
> >
> > Hi
> >
> > Is there some way to direct virus-warning mails to different
> > email-addresses, depending on domain?
> >
> > ex:
> > Mails going to domainA, sends warnings to recipient, sender and
> > virusmaster@domainA, and so forth?
> 
> This should be relatively trivial if you have some experience with shell programming.  I especially made separate `infected' handler for such purposes, so anyone will be able to tweak a script to suit his own local needs.
> 
> The only real question in this context is what to do with multi-recipient mails where recipients are in different domains.
> 
> /mjt
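
The map-based lookup discussed in this thread, written out as an added example (not part of the original post or the avcheck distribution): it folds each recipient's domain to lowercase, looks it up, and removes duplicates when one message has recipients in several domains. It assumes a plain-text map read with awk in place of `postmap -q`; the function names and the sample map are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the avcheck distribution).
DEFAULT_ADMIN=postmaster@default.domain    # fallback address used in the post

# Constructed sample map: "domain  alert-address", the same layout as the
# source text of a Postfix lookup table.
sample_map() {
  cat <<'EOF'
# domain           alert address
domain1.tld        postmaster@domain1.tld
sub1.domain2.tld   postmaster@domain2.tld
sub2.domain2.tld   postmaster@domain2.tld
EOF
}

# lookup_admin MAPFILE DOMAIN: print the alert address, exit 1 if no entry.
# Hypothetical stand-in for: postmap -q "$domain" hash:/etc/virusalerts
lookup_admin() {
  DOMAIN=$2 awk '!/^#/ && tolower($1) == ENVIRON["DOMAIN"] { print $2; hit = 1; exit }
                 END { exit !hit }' "$1"
}

# alert_addrs MAPFILE RCPT...: print the unique alert addresses on one line.
alert_addrs() {
  _map=$1; shift
  for rcpt; do
    case "$rcpt" in
      *@?*) ;;                                  # non-empty domain part
      *) echo "$DEFAULT_ADMIN"; continue ;;     # no domain: use the fallback
    esac
    # Text after the last "@", folded with tr (sed's y command does not
    # expand ranges such as A-Z, so it cannot be used for this).
    domain=$(printf '%s\n' "${rcpt##*@}" | tr '[:upper:]' '[:lower:]')
    lookup_admin "$_map" "$domain" || echo "$DEFAULT_ADMIN"
  done | LC_ALL=C sort -u | paste -s -d ' ' -
}

# Demo: one message addressed to recipients in several domains.
demo_map=$(mktemp) && sample_map > "$demo_map"
alert_addrs "$demo_map" user@Domain1.TLD a@SUB1.domain2.tld b@sub2.domain2.tld x@other.tld
rm -f "$demo_map"
```

Passing the domain to awk through the environment rather than splicing it into the program text keeps a recipient address from being interpreted as awk code.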