F-Prot v6's fpscan.exe

Another question.  I'm looking at replacing Captaris WebMail with SquirrelMail.  I've gone so far as actually sending a test message from SM.  Does anyone know if it's possible to remove the SM identifiers from the header records?  I don't personally but I'm sure there are plenty of mail administrators out there that are blocking SM due to all the spam with SM in the headers.

Return-path: <x@bkbusa.com>
Received: from 192.168.1.3 (192.168.1.1) by BKBUSA.COM (Mercury/32 v4.01b) with ESMTP ID MG000E34;
   25 Nov 2007 16:10:04 -0400
Received: from 0.0.0.0
        (SquirrelMail authenticated user x)                 <-------
        by 192.168.1.3 with HTTP;
        Thu, 25 Nov 2007 16:10:06 -0400 (Eastern Daylight Time)
Message-ID: <0.0.0.0.0.1193343006.squirrel@192.168.1.3>
Date: Thu, 25 Nov 2007 16:10:06 -0400 (Eastern Daylight Time)
Subject: Test
From: x@bkbusa.com
To: x@bkbusa.com
User-Agent: SquirrelMail/1.4.11                             <-------
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-PMFLAGS: 34078848 0 1 723C85FA.CNM                        


Has anyone written a policy to get F-Prot's new command line scanner fpscan.exe working with Mercury/32?


The commandline is documented in:

 http://www.f-prot.com/support/windows/fpwin_faq/446.html and

http://www.f-prot.com/support/windows/fpwin_faq/445.html

 

The return codes are defined in http://www.f-prot.com/support/windows/fpwin_faq/310.html

Differences between V3 and V6 are shown in:

http://www.f-prot.com/support/windows/fpwin_faq/357.html 

 

Nowhere does it show how to scan a file, just mapped drives, but a posting to a newsgroup suggests that you can address a single file using: "c:\pathtofprot\fpscan /disinfect %1"

I would like to hear if this works ok

 

Martin 

 


I have created a policy for fpscan.exe version 6 and it seems to work fine.

If anyone wants it, just shout. 

Regards,

Martin 


Yes please. Send it to irelam@telus.net please. I will then update Virscan and Virprot documentation.

 

Martin 


Hi Martin,

Is it possible to send me the policy to use the fprot 6 fpscan.exe by mail?

Or is it possible to download it anywhere?

Thanks a lot for your help!

 

regards, Rene 

 


Martin, sent as requested.

Also, if anyone is interested I have a method for allowing e-mails with specific to or from addresses to effectively bypass a policy.

I use this myself as I handle lots of malware samples and I need to be able to send them onto the AV companies and other researchers without the anti-virus policy blocking them. Likewise, I receive new samples from people, and these also need to be able to bypass the anti-virus policy. All other mail gets scanned as normal.

The technique I use could be used for any Mercury policy.

Hope this is of interest?

Regards,

Martin 

 


 


[quote user="toaster"]

I have created a policy for fpscan.exe version 6 and it seems to work fine.

If anyone wants it, just shout. 

Regards,

Martin 

[/quote]

Martin:

I'd appreciate a copy of your policy. Can you post it here, or email it to me: subelman@markmatrix.com ?

Thanks 


Hi Martin,

 

Tested the policy, it works fine!

Thanks for helping!

 

Rene


To save anyone else e-mailing me for the policy, here it is:

Obviously you'll need to change the paths and policy options to suit your
own needs.

Policy:
-------------------------------------------------------------------------
Type of task: Run a program using a sentinel file
Commandline: c:\f-prot\mailnew.bat ~X ~R ~S
This task should be applied before any filtering rules: TRUE
Action: Save to file and notify a user
Parameter: c:\samples\mail, mo
-------------------------------------------------------------------------

Mailnew.bat: (Bat/CMD file to run the scanner.)
-------------------------------------------------------------------------

@echo off
: Rem - %1 is the file to scan %2 is the name of the result file %3 is the
: Rem - sentinel file. The report from the scan is sent to the Result file.
: Rem - If No virus is found then the Result file is deleted prior to
: Rem - deleting the sentinel file. If a virus, or other error is
: Rem - found, then a message indicating the meaning of the return code
: Rem - is tacked on to the end of the result file. Deletion of the sentinel
: Rem - file is the last thing that takes place.
: Rem - Note 1: Some of the error codes should never occur, in this context,
: Rem - but I put them in anyway for documentation purposes, if nothing else.
: Rem - Note 2: There's colons in front of the Rem statements because blank
: Rem - labels process faster than Rem statements (the entire Rem statement
: Rem - is parsed even though it's a comment)
: Rem - No extended batch command features are used so this should work with
: Rem - *any* MS OS.
: Rem
c:\PROGRA~1\FRISKS~1\F-PROT~1\fpscan.exe %1 -s 4 -o %2
If Errorlevel 5 goto err5
If Errorlevel 4 goto err4
If Errorlevel 3 goto err3
If Errorlevel 2 goto err2
If Errorlevel 1 goto err1
Del %2
goto Finished
:Err1
echo !!!!!VIRUS FOUND!!!! >> %2
goto Finished
:Err2
echo !!!!!VIRUS FOUND!!!! >> %2
goto Finished
:Err3
echo !!!!!VIRUS FOUND!!!! >> %2
goto Finished
:Err4
echo Program terminated via ^C or Esc >> %2
goto Finished
:Err5
echo Program terminated via ^C or Esc >> %2
goto Finished
:Finished
Del %3
exit

-------------------------------------------------------------------------------- 

This works fine with the commandline component of F-Prot version 6 for Windows. 

Regards,

Martin 
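
Added example, not part of Martin's post and not F-Prot or Mercury code: the same sentinel-file contract as mailnew.bat written as a Python wrapper, which also leaves a result file when the scanner cannot be started at all. It assumes Python is installed on the Mercury host and that the script is called with the same three arguments (~X ~R ~S); the function names and the "could not be started" message are constructed for illustration.

```python
import os
import subprocess
import sys

# Scanner path and switches copied from the posted mailnew.bat.
SCANNER = [r"c:\PROGRA~1\FRISKS~1\F-PROT~1\fpscan.exe"]
SWITCHES = ["-s", "4"]


def verdict_line(code):
    """Text appended to the result file, mirroring the batch errorlevel ladder."""
    if code is None:
        return "Scanner could not be started; message not scanned"  # constructed
    if 1 <= code <= 3:
        return "!!!!!VIRUS FOUND!!!!"
    return "Program terminated via ^C or Esc"


def scan_message(msg, result, sentinel, scanner=SCANNER):
    """Return the scanner exit code, or None if it never ran.

    Contract taken from the posted script: no result file means clean,
    a result file means hit or error, and the sentinel is deleted last.
    """
    code = None
    try:
        try:
            cmd = list(scanner) + [msg] + SWITCHES + ["-o", result]
            code = subprocess.run(cmd).returncode
        except OSError:
            code = None  # wrong path or unlaunchable scanner: keep a result file
        if code == 0:
            if os.path.exists(result):
                os.remove(result)  # clean: leave no result file behind
        else:
            with open(result, "a") as fh:
                fh.write(verdict_line(code) + "\n")
    finally:
        if os.path.exists(sentinel):
            os.remove(sentinel)  # always the last step, even after a failure
    return code


if __name__ == "__main__" and len(sys.argv) == 4:
    scan_message(*sys.argv[1:4])
```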


On the Mercury/32 machine do I need to tell F-Prot to exclude any directories from scanning?

 
