info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
logging attachement hashes
23 views
Skip to first unread message
Andreas Schulze via amavis-users
Nov 5, 2013, 7:44:17 AM11/5/13
to
Hello,
I wrote a patch to enable amavisd logging a hash of each mimepart of a message.
As a result we have a nice logging about attachment with randomized names:
Nov 5 13:24:34 amavis amavis[63605]: (63605) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_915348761926.zip
Nov 5 13:24:47 amavis amavis[64401]: (64401) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_246684491810.zip
Nov 5 13:24:49 amavis amavis[37512]: (37512) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_385492343722.zip
Nov 5 13:25:11 amavis amavis[23929]: (23929) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_410730648345.zip
Nov 5 13:25:28 amavis amavis[23927]: (23927) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_067966022207.zip
Nov 5 13:25:35 amavis amavis[23931]: (23931) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_886327295193.zip
Nov 5 13:25:49 amavis amavis[23923]: (23923) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_079214708084.zip
Nov 5 13:25:58 amavis amavis[23936]: (23936) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_381806514856.zip
Looking at these logs it's very easy to identify malicius content still not detected by virusscanners.
Maybe somone has an idea to extend that feature.
Andreas
--
Andreas Schulze
Internetdienste | P252
DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen
I wrote a patch to enable amavisd logging a hash of each mimepart of a message.
As a result we have a nice logging about attachment with randomized names:
Nov 5 13:24:34 amavis amavis[63605]: (63605) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_915348761926.zip
Nov 5 13:24:47 amavis amavis[64401]: (64401) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_246684491810.zip
Nov 5 13:24:49 amavis amavis[37512]: (37512) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_385492343722.zip
Nov 5 13:25:11 amavis amavis[23929]: (23929) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_410730648345.zip
Nov 5 13:25:28 amavis amavis[23927]: (23927) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_067966022207.zip
Nov 5 13:25:35 amavis amavis[23931]: (23931) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_886327295193.zip
Nov 5 13:25:49 amavis amavis[23923]: (23923) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_079214708084.zip
Nov 5 13:25:58 amavis amavis[23936]: (23936) p003 1/2 Content-Type: application/zip, size: 175613 B, md5: e687fa20dbe2f62418da7dee62f5ef74, name: VodafoneWillkommen_381806514856.zip
Looking at these logs it's very easy to identify malicius content still not detected by virusscanners.
Maybe somone has an idea to extend that feature.
Andreas
--
Andreas Schulze
Internetdienste | P252
DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen
Steve Scotter via amavis-users
Nov 6, 2013, 7:09:10 AM11/6/13
to
Like!
DISCLAIMER
This email is for the use of the intended recipient(s) only. If you have received this email in error, please notify the sender immediately and then delete it.
If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author’s prior permission.
We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message.
We cannot accept liability for any loss or damage caused by software viruses.
The information contained in this communication may be confidential and may be subject to the attorney-client privilege.
If you are the intended recipient and you do not wish to receive similar electronic messages from us in future then please respond to the sender to this effect.
yuriis...@gmail.com
May 23, 2017, 5:36:24 PM5/23/17
to
I have download a patch but I am new with amavis. Could you clarify how to setup this patch?
KR, Yurii
0 new messages