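/****************************************************************/
/*                  Filter for use with Weasel                  */
/*                                                              */
/*   Emergency fix for a mailbombing of viruses that started    */
/*   in September 2003.  We check the "From:" header in the     */
/*   received mail (not the MAIL FROM parameter, which is       */
/*   likely to be different) and reject the mail if the         */
/*   address string contains one of the substrings in the       */
/*   blacklist defined below.                                   */
/*                                                              */
/*   Feel free to make your own improvements.  This is a        */
/*   quick-and-dirty solution to an emergency situation, and    */
/*   could no doubt be improved with a bit of thought.          */
/*                                                              */
/*                                                              */
/*   Authors:        Peter Moylan (peter@ee.newcastle.edu.au)   */
/*                   Paul Smedley (paul@smedley.info)           */
/*   Started:        20 September 2003                          */
/*   Last revised:   03 October 2003                            */
/*                                                              */
/*   Installation:                                              */
/*      Put this file in the directory containing WEASEL.INI    */
/*      Put its name in the 'Filter 4' line in the 'Filters'    */
/*      page in Setup.                                          */
/*      (Alternatively, run it from multifilter.cmd.)           */
/*      Weasel needs to be restarted to recognise the change.   */
/*                                                              */
/****************************************************************/

CALL RxFuncAdd SysLoadFuncs, rexxutil, sysloadfuncs
CALL SysLoadFuncs

/* Arguments: the first word is captured as 'userlist' and is   */
/* not used by this filter; everything after it is taken as the */
/* name of the message file whose header we inspect.            */

PARSE ARG userlist SrcFile
SrcFile = STRIP(SrcFile)
SrcFile = TRANSLATE(SrcFile, '\', '/')

/* Define a list of banned "From" names.  Every entry is stored */
/* in upper case, because the header text is upper-cased before */
/* matching, which makes the comparison case-insensitive.       */

bannedsender.1  = TRANSLATE("MS")
bannedsender.2  = TRANSLATE("Microsoft")
bannedsender.3  = TRANSLATE("Program")
bannedsender.4  = TRANSLATE("Internet")
bannedsender.5  = TRANSLATE("Network")
bannedsender.6  = TRANSLATE("Security")
bannedsender.7  = TRANSLATE("Division")
bannedsender.8  = TRANSLATE("Section")
bannedsender.9  = TRANSLATE("Department")
bannedsender.10 = TRANSLATE("Center")
bannedsender.11 = TRANSLATE("Technical")
bannedsender.12 = TRANSLATE("Public")
bannedsender.13 = TRANSLATE("Customer")
bannedsender.14 = TRANSLATE("Bulletin")
bannedsender.15 = TRANSLATE("Services")
bannedsender.16 = TRANSLATE("Assistance")
bannedsender.17 = TRANSLATE("Support")
bannedsender.0  = 17

banneddomain.1  = TRANSLATE("news")
banneddomain.2  = TRANSLATE("bulletin")
banneddomain.3  = TRANSLATE("confidence")
banneddomain.4  = TRANSLATE("advisor")
banneddomain.5  = TRANSLATE("updates")
banneddomain.6  = TRANSLATE("technet")
banneddomain.7  = TRANSLATE("support")
banneddomain.8  = TRANSLATE("newsletters")
banneddomain.9  = TRANSLATE("ms")
banneddomain.10 = TRANSLATE("msn")
banneddomain.11 = TRANSLATE("msdn")
banneddomain.12 = TRANSLATE("microsoft")
banneddomain.0  = 12

/* NOTE(review): both lists are matched as plain substrings of  */
/* the whole "From:" field, and "MS", "SUPPORT" and "BULLETIN"  */
/* appear in both lists.  A field that contains any of those    */
/* strings anywhere therefore satisfies both tests on its own   */
/* (constructed sample: WILLIAMS@EXAMPLE.ORG contains "MS").    */
/* Expect false positives; matching the sender words against    */
/* the display name and the domain words against the text after */
/* '@' would be tighter.  The "From:" field is written by the   */
/* sender, so treat this filter as a heuristic only.            */

/* Read through the header of SrcFile, ignoring everything      */
/* except the "From:" field.  resultcode stays 0 unless the     */
/* field matches; 3 is the value this filter returns to have    */
/* the message rejected.                                        */

resultcode = 0

DO FOREVER

    /* Each time around this loop we look at one line of  */
    /* the header.                                        */

    line = TRANSLATE(LineIn(SrcFile))

    /* A blank line ends the header; LineIn also returns  */
    /* an empty string once the file is exhausted.        */

    IF line = "" THEN LEAVE

    /* Continuation line of a field we are not interested */
    /* in, no need to process it.                         */

    IF (LEFT(line,1) = ' ') | (LEFT(line,1) = '09'X) THEN ITERATE

    /* Anything without a colon is not a header field.    */

    IF POS(':', line) = 0 THEN LEAVE

    PARSE VALUE line WITH keyword ':' .

    IF keyword = "FROM" THEN DO

        /* Unfold the field first.  A "From:" header may  */
        /* be folded across several lines, for example    */
        /* with the display name on the first line and    */
        /* the address on the next; checking only the     */
        /* first line would let such a message through.   */
        /* Strict comparison (==) is used here because    */
        /* LEFT pads an empty string to a blank.          */

        fromfield = line
        DO WHILE LINES(SrcFile) > 0
            contline = TRANSLATE(LineIn(SrcFile))
            IF contline == "" THEN LEAVE
            firstch = LEFT(contline, 1)
            IF (firstch \== ' ') & (firstch \== '09'X) THEN LEAVE
            fromfield = fromfield || contline
        END

        /* Reject only when the field contains at least   */
        /* one banned sender word AND at least one banned */
        /* domain word.                                   */

        senderhit = 0
        DO k = 1 TO bannedsender.0
            IF POS(bannedsender.k, fromfield) > 0 THEN DO
                senderhit = 1
                LEAVE
            END
        END

        IF senderhit THEN DO j = 1 TO banneddomain.0
            IF POS(banneddomain.j, fromfield) > 0 THEN DO
                resultcode = 3
                LEAVE
            END
        END

        /* Only the first "From:" field is examined.      */

        LEAVE
    END

END

CALL stream SrcFile, 'C', 'CLOSE'

/* Return to Weasel with the result code. */

RETURN resultcode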