Small scripting task - Global file for /etc/antivirus.exim ?

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Am using the /etc/antivirus.exim file to filter out some persistant spammers.

Got a few servers that should work with the exact same antivirus.exim file.

Question - How could I get the antivirus.exim file to reference a web page, e.g. something like http://domain.com/filter.txt

I would guess that I will need to cron a shell script to go out and bring in filter.txt every-so-many-minutes, then replace the content of antivirus.exim with the content of http://domain.com/filter.txt

But I am hard pressed to find any scripting example of this kind of thing.

Anyone?


----

By the way, if this helps anyone, here is my current antivirus.exim file which seems to lower the spam rate by some degree:

# Exim filter
if error_message then finish endif
if
$message_headers contains "tpnet.pl"
or $header_subject contains "SEXUALLY-EXPLICIT"
or $message_body contains "tzakol"
or $message_body contains "LegalRX"
or $message_body contains "Anatrim"
or $message_body contains "PostCard.exe"
or $message_body contains "go.ro"
or $message_body contains "Viagra"
or $message_body contains "viagra"
or $message_body contains "Stocks Alert"
or $message_body contains "St0ck"
or $message_body contains "H0T NEWS"
or $message_body contains "Str0ng Buy"
or $message_body contains "businesswire"
or $message_body contains "BUSINESS WIRE"
or $message_body contains "phentermine"
or $message_body contains "Phentermine"
or $message_body contains "your meds"
then
save "/dev/null" 660
endif


------------------------------------

Follow up question ---> Does anyone know of a way that I could make these rules caseUNsensitive, i.e. so I would not need two or more rules to cover caps, like this:

or $message_body contains "Viagra"
or $message_body contains "viagra"
 

nazmy

Member
Oct 31, 2004
16
0
151
actually "contains" is not case sensitive , if you wanna set a case sensitive rule use "CONTAINS"
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
actually "contains" is not case sensitive , if you wanna set a case sensitive rule use "CONTAINS"
Cool! Thanks very much for that.

By the way, regarding the other question I am going to start experimenting with a shell script that looks something like this:


#!/bin/bash
cd /etc
wget http://www.domain.com/antis.txt
mv -f antivirus.exim antivirus.exim.backup
mv -f antis.txt antivirus.exim
chown root:root antivirus.exim
service exim restart
done


Not sure if it'll work, we'll see.
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Cool! Thanks very much for that.

By the way, regarding the other question I am going to start experimenting with a shell script that looks something like this:


#!/bin/bash
cd /etc
wget http://www.domain.com/antis.txt
mv -f antivirus.exim antivirus.exim.backup
mv -f antis.txt antivirus.exim
chown root:root antivirus.exim
service exim restart
done


Not sure if it'll work, we'll see.

Yup. Works, just needed to get rid of the "done". Full script then is like this:


#!/bin/bash
cd /etc
wget http://www.domain.com/antis.txt
mv -f antivirus.exim antivirus.exim.backup
mv -f antis.txt antivirus.exim
chown root:root antivirus.exim
service exim restart
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Here's a better version with a conditional, in case the imported file is not found:

#!/bin/bash
cd /etc
if wget http://www.domain.com/antis.txt
then
mv -f antivirus.exim antivirus.exim.backup
mv -f antis.txt antivirus.exim
chown root:root antivirus.exim
service exim restart
else
echo "Could not download file. Aborting." 1>&2
exit 1
fi


Without the condition, we'd be removing the antivirus.exim file and restarting exim without it, IF the import file was not found.

I know all this is shell scripting 101 for most here, but is certainly a new way to use this stuff for me.