
Conference iosg::all-in-1

Title: ALL-IN-1 (tm) Support Conference
Notice: Please spell ALL-IN-1 correctly - all CAPITALS!
Moderator: IOSG::PYECE
Created: Fri Jul 01 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 2716
Total number of notes: 12169

2482.0. "Disinfect or bounce incoming email with virus in it?" by BIGUN::ANDERSON (Still Alive) Fri Jan 24 1997 10:02

    Our main source of MS Word and Excel virus infections is incoming
    email. The TeamLinks checks catch some of this, but I was wondering if
    we could automate the checking of incoming email from off node by using
    the VMS VSWEEP program, and if we find an infected email then bounce
    the email back to the sender rather than deliver it. 
    
    I am not an ALL-IN-1, Mailbus, MR support person -- just a part-time
    VMS system manager with the local ALL-IN-1 services on the VMS cluster
    here. Is it possible to do what I want? 
    
    I guess that it means:
    
    a. being able to put some DCL (or script?) into either the process
    delivering email onto our nodes, or else into the Fetcher process that
    picks the email up and puts it into the ALL-IN-1 file cabinet (am I
    right that this is what Fetcher does?). Is there a place to insert DCL
    in the delivery mechanism?
    
    b. That DCL would run VSWEEP.EXE against the directory/directories with
    the as yet undelivered email in it. Filespecs of email with virus would
    be placed into a file, VSWEEP can do that. Is incoming undelivered
    email stored in one place or is it spread over all the OA$SHARE* areas
    or what else instead?
    
    c. Is it possible that given a filespec of an undelivered email, to
    determine who sent it and bounce it back to them undelivered?
    
    d. VSWEEP is supposed to be able to disinfect files with macro viruses
    but it is new functionality and it seems to let a lot of infected files
    through on our cluster. I'd rather bounce than rely on VSWEEP cleaning
    up, at this time. 

2482.1. "See 1709 for discussion and roll-your-own suggestions" by IOSG::PYE (Graham - ALL-IN-1 Sorcerer's Apprentice) Fri Jan 24 1997 10:54, 17 lines

    You are not the first person to ask this - See note 1709 and numerous
    replies.
    
    There isn't any point in the fetcher code where you can get your own
    code run to check incoming messages. Actually, you might be able to do
    it in Message Router, but it would probably need some programming
    changes.
    
    Incoming mail messages are, as you so accurately describe it, "spread
    all over the shared areas". So your only strategy is to run batch jobs
    that scan all the .DOC messages in the shared areas and look for
    viruses. If you find one, you can simply replace the file with an empty
    Word document saying that there was a virus. Then you can look the
    filename up in the SDAF and, assuming you can decode the format, work
    out the sender and addressees.
    
    In 1709, you'll see how the IOSG System Manager does it.
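
The batch strategy described in the reply above, as an added example that is not part of the thread and is not the IOSG procedure from note 1709. It is written in Python rather than DCL to show the logic; the detector is a hypothetical stand-in for the scanner verdict, the notice is plain text rather than a Word document, the directory names are constructed, and the SDAF lookup is left out because its format is not given here.

```python
import os, shutil
from pathlib import Path

NOTICE = b"Attachment removed by the mail virus sweep; original quarantined.\n"
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"   # constructed, not a real virus signature

def looks_infected(path):
    """Hypothetical stand-in for the scanner verdict (assumption)."""
    return MARKER in Path(path).read_bytes()

def sweep(shared_areas, quarantine, detector=looks_infected):
    """Scan every .DOC under the shared areas, quarantine hits, leave a notice.
    Returns the filespecs that were replaced, for the later sender lookup."""
    quarantine = Path(quarantine)          # must live outside the shared areas
    quarantine.mkdir(parents=True, exist_ok=True)
    replaced = []
    for area in shared_areas:
        for path in sorted(Path(area).rglob("*")):
            if not path.is_file() or path.suffix.upper() != ".DOC":
                continue
            if path.read_bytes() == NOTICE or not detector(path):
                continue                   # clean, or handled by an earlier run
            # Keep the original for analysis rather than destroying it.
            n = sum(1 for _ in quarantine.iterdir())
            shutil.copy2(path, quarantine / f"{n:04d}_{path.name}")
            # Write the notice beside the file, then rename over it, so a
            # mail client never opens a half-written replacement.
            tmp = path.with_name(path.name + ".TMP")
            tmp.write_bytes(NOTICE)
            os.replace(tmp, path)
            replaced.append(str(path))
    return replaced

def build_sample(root):
    """Constructed sample tree: two shared areas, one flagged document."""
    a, b = Path(root, "SHARE1"), Path(root, "SHARE2")
    a.mkdir()
    b.mkdir()
    (a / "ZX1.DOC").write_bytes(b"hello " + MARKER)
    (a / "ZX2.DOC").write_bytes(b"clean document")
    (b / "ZX3.TXT").write_bytes(MARKER)    # not a .DOC, so not scanned
    return [a, b]
```

The returned list is the input for the sender and addressee lookup; a second run over the same areas returns nothing because replaced files now hold only the notice.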