PHP-based spam & virus/worm filtering for
POP3 email accounts. Designed to run as a cron job and catch spam based
on links to blacklisted IPs, obfuscated words or blacklisted phrases;
attached-image spam; email worms; corrupted or malformed emails.
What is phPOP3clean?
--------------------
phPOP3clean is a PHP-based POP3 email scanner. It's designed to be
run as a cron job every minute or so, and to catch & delete several
types of unwanted emails:
a) malformed emails - incomplete or malformed headers, which cause
some POP3 servers to drop connection when the message is retrieved
b) email worms - attached executable files are matched against a database
of known variants, including variants that vary in length or contain
internal random bytes (such as the currently-popular Netsky & Beagle
variants). Zipped attachments are unzipped and scanned.
Password-protected zipped attachments, which cannot be unzipped, are
matched on deceptive filenames (eg: "readme.txt .exe").
c) image-based spam - attached images are matched against a database of
known spam images, to reject messages whose only content is an inline
attached image (a technique for bypassing many spam filters). Images
with random bytes appended are also matched.
d) obfuscated word spam - scans message body for obfuscated words,
such as "víàqrä" in place of "viagra"
e) blacklisted phrase spam - scans message body for phrases (such as
"Securities Exchange Act of 1934" or "forward looking statements",
both of which appear in most stock-promoting spam). Regular expression
matches can be used to match variations.
f) blacklisted source code - scans message source for phrases known
to be part of exploits (eg: <script language="JScript.Encode">)
g) blacklisted Received header - reject messages based on "Received"
header contents
h) blacklisted IP spam - scans message contents for links to blacklisted
IP ranges (eg: 221.11.133.66/25). Links can be in HTML or plain text,
image/iframe src, etc.
i) blacklisted domains - auto-blacklists any IPs associated with domains
that regularly swap IPs from a pool of zombie machines
j) whitelist - "From" and "Return-Path" headers are matched against the
whitelist; a match bypasses all filtering.
k) SpamAssassin support - can delete emails based on what SpamAssassin says
l) DNSBL support - reject email based on headers or body containing
blacklisted IPs/domains
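The following is an added example, not phPOP3clean's own code (the project is written in PHP); it shows in Python how several of the checks listed above fit together into one pass over a message: the whitelist short-circuit on From/Return-Path, the Received-header and raw-source blacklists, accent folding plus a letter-class pattern for obfuscated words, phrase patterns, links to blacklisted IP ranges, and the deceptive-filename check for attachments. The rule tables, addresses, hostnames and sample messages are all constructed for the example; the SpamAssassin and DNSBL hooks are left out because they need the network.

```python
import ipaddress
import re
import unicodedata
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed rule tables standing in for the MySQL tables the README describes.
WHITELIST = {"friend@example.org"}
BLACKLISTED_NETS = [ipaddress.ip_network("221.11.133.0/25")]
RECEIVED_PATTERNS = [re.compile(r"from\s+\S+\.dialup\.example\b", re.I)]
PHRASE_PATTERNS = [
    re.compile(r"securities\s+exchange\s+act\s+of\s+1934", re.I),
    re.compile(r"forward[\s-]+looking\s+statements", re.I),
]
SOURCE_PATTERNS = [re.compile(r'<script\s+language\s*=\s*"JScript\.Encode"', re.I)]
# One character class per letter of the word; accents are folded off first.
OBFUSCATED = {"viagra": re.compile(r"v\W*[i1l|!]\W*[a4@]\W*[gq9]\W*r\W*[a4@]", re.I)}
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}
IPV4 = re.compile(r"(?<!\d)(\d{1,3}(?:\.\d{1,3}){3})(?!\d)")


def fold_accents(text):
    """'víàqrä' -> 'viaqra': decompose, then drop the combining marks."""
    return "".join(c for c in unicodedata.normalize("NFKD", text)
                   if not unicodedata.combining(c))


def deceptive_filename(name):
    """True for 'readme.txt      .exe': an executable extension hidden behind a
    harmless-looking name and a run of whitespace. A plain 'setup.exe' is not
    deceptive and is left to the signature scan."""
    stem, dot, ext = name.rstrip().rpartition(".")
    if not dot or "." + ext.lower() not in EXEC_EXTS:
        return False
    return re.search(r"\.\w{2,4}\s+$", stem) is not None


def blacklisted_ips(text):
    """Every dotted quad in the text (plain, href=, src=, ...) that falls in a listed range."""
    hits = []
    for quad in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(quad)
        except ValueError:          # e.g. 999.1.1.1 or a version number
            continue
        if any(ip in net for net in BLACKLISTED_NETS):
            hits.append(quad)
    return hits


def scan(raw):
    """Return the reasons to delete the message; an empty list means keep it."""
    msg = message_from_bytes(raw, policy=policy.default)
    for hdr in ("From", "Return-Path"):
        if parseaddr(msg.get(hdr, ""))[1].lower() in WHITELIST:
            return []                          # whitelist bypasses all filtering
    reasons = []
    for rcvd in msg.get_all("Received", []):
        if any(p.search(rcvd) for p in RECEIVED_PATTERNS):
            reasons.append("blacklisted Received header")
    source = raw.decode("latin-1")             # raw source, before MIME decoding
    if any(p.search(source) for p in SOURCE_PATTERNS):
        reasons.append("blacklisted source code")
    for part in msg.walk():
        name = part.get_filename()
        if name and deceptive_filename(name):
            reasons.append("deceptive attachment name %r" % name)
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()              # decoded text of text/plain and text/html parts
        folded = fold_accents(body)
        reasons += ["obfuscated word %r" % w for w, p in OBFUSCATED.items() if p.search(folded)]
        if any(p.search(body) for p in PHRASE_PATTERNS):
            reasons.append("blacklisted phrase")
        reasons += ["link to blacklisted IP %s" % ip for ip in blacklisted_ips(body)]
    return reasons


def build(sender, body, attachment=None, received=None):
    """Constructed test message, not captured mail."""
    m = EmailMessage()
    if received:
        m["Received"] = received
    m["From"] = sender
    m["To"] = "victim@example.net"
    m["Subject"] = "hello"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"MZ\x90\x00", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


SPAM = build("promo@example.com", "Cheap v\u00ed\u00e0qr\u00e4 at http://221.11.133.66/shop")
FRIEND = build("friend@example.org", "Cheap v\u00ed\u00e0qr\u00e4 at http://221.11.133.66/shop")
WORM = build("worm@example.com", "see attached", attachment="readme.txt      .exe",
             received="from pc1.dialup.example (unknown [10.0.0.1]) by mx.example.net")

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("friend", FRIEND), ("worm", WORM)):
        print(label, scan(raw) or "keep")
```

Two practical notes. The whitelist is keyed on From and Return-Path, both of which the sender writes, so anyone who knows a whitelisted address can skip every other check; keep that list short. The filename check runs on the name as the MIME parser returns it, and the stdlib parser collapses the run of spaces inside the quoted filename to a single space, so the pattern tolerates any amount of padding rather than requiring a minimum.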
All matching is done against MySQL tables, the contents of which are all
user-configurable with included admin interface.
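As an added example of how such a table can be matched against attachment bytes (this is not phPOP3clean's code, and its PHP tables are replaced by constructed Python dictionaries), the block below implements the two tolerances the worm and image checks above call for: a head pattern with wildcard bytes plus a length range, so a variant with internal random bytes or random bytes appended still matches, and for images a hash over exactly the known image's length, so appended random bytes are ignored. Zip attachments are expanded with the stdlib `zipfile` module; encrypted members are reported rather than read. The signature names and sample bytes are hypothetical.

```python
import hashlib
import io
import zipfile

# Constructed worm-variant table. "??" marks a byte the variant randomises; the
# length range covers padded variants, so a trailing run of random bytes still matches.
WORM_SIGNATURES = [
    {"name": "Example.Worm.A",                      # hypothetical family name
     "head": "4d 5a 90 00 03 ?? ?? 00 04 00",
     "min_len": 16, "max_len": 64},
]

# Constructed spam-image table: the known image's length and the SHA-256 of
# exactly that many bytes, so an image with random bytes appended still matches.
KNOWN_IMAGE = b"GIF89a" + bytes(range(26))           # stand-in for a real spam image
IMAGE_SIGNATURES = [
    {"name": "stock-pump-chart.gif",
     "length": len(KNOWN_IMAGE),
     "sha256": hashlib.sha256(KNOWN_IMAGE).hexdigest()},
]


def parse_head(pattern):
    """'4d 5a ?? 00' -> [0x4d, 0x5a, None, 0x00]; None is a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in pattern.split()]


def match_worm(data):
    """Name of the first worm signature whose head pattern and length range fit."""
    for sig in WORM_SIGNATURES:
        head = parse_head(sig["head"])
        if not (sig["min_len"] <= len(data) <= sig["max_len"]) or len(data) < len(head):
            continue
        if all(want is None or want == got for want, got in zip(head, data)):
            return sig["name"]
    return None


def match_image(data):
    """Name of the known spam image whose bytes form a prefix of this file."""
    for sig in IMAGE_SIGNATURES:
        n = sig["length"]
        if len(data) >= n and hashlib.sha256(data[:n]).hexdigest() == sig["sha256"]:
            return sig["name"]
    return None


def scan_attachment(name, data):
    """Return (member name, verdict) pairs. Zip archives are expanded and each
    unencrypted member scanned recursively; encrypted members are only reported,
    which is where a filename check like 'readme.txt .exe' has to take over."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        results = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:            # bit 0 = member is encrypted
                    results.append((info.filename, "encrypted member"))
                else:
                    results.extend(scan_attachment(info.filename, zf.read(info)))
        return results
    verdict = match_worm(data) or match_image(data)
    return [(name, verdict)] if verdict else []


def build_zip(members):
    """Constructed in-memory archive for the example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, data in members.items():
            zf.writestr(member, data)
    return buf.getvalue()


WORM_SAMPLE = bytes.fromhex("4d5a9000037f3e000400") + b"\x00" * 22 + b"random-tail!"
CLEAN_EXE = bytes.fromhex("4d5a900003000000ffff") + b"\x00" * 22
ZIP_SAMPLE = build_zip({"readme.txt": b"hello",
                        "photo.gif": KNOWN_IMAGE + b"\x07\x11",
                        "setup.exe": WORM_SAMPLE})

if __name__ == "__main__":
    print(scan_attachment("mail.zip", ZIP_SAMPLE))
```

The length range is what keeps the wildcard head from being a pure prefix match: a copy padded well past the variant's known size falls outside the range and is not reported, which limits false positives on unrelated executables that happen to share a few header bytes.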