phPOP3clean 0.9.14 review

by rbytes.net on

License: GPL (GNU General Public License)
File size: 0K
Developer: James Heinrich

phPOP3clean is a PHP-based POP3 email scanner. phPOP3clean is designed to be run as a cron job every minute or so, and to catch & delete several types of unwanted emails:

a) malformed emails - incomplete or malformed headers, which cause some POP3 servers to drop connection when the message is retrieved

b) email worms - attached executable files are matched against a database of known variants, including matching variable-length files or files with internal random bytes (such as the currently-popular Netsky & Beagle variants). Zipped attachments are unzipped and scanned. Password-protected zipped attachments are matched based on deceptive filenames (eg: "readme.txt .exe").

c) image-based spam - attached images are matched against database of known spam images to reject messages containing only an inline attached image (technique of bypassing many spam filters). Images with random bytes appended are also matched.

d) obfuscated word spam - scans message body for obfuscated words, such as "v??qr?" in place of "viagra"

e) blacklisted phrase spam - scans message body for phrases (such as "Securities Exchange Act of 1934" or "forward looking statements", both of which are in most stock-promoting spam). Regular expression matches can be used to match variations.

f) blacklisted source code - scans message source for phrases known to be part of exploits (eg: < script language="JScript.Encode" >)

g) blacklisted Received header - reject messages based on "Received" header contents

h) blacklisted IP spam - scans message contents for links to blacklisted IP ranges (eg: 221.11.133.66/25). Links can be in HTML or plain text, image/iframe src, etc.

i) whitelist - "From" and "Return-Path" headers are scanned to match whitelist to bypass all filtering.

All matching is done against MySQL tables, the contents of which are all user-configurable with included admin interface.

Supported message encodings are: 7-bit, 8-bit, quoted-printable, base64.
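
The check described in item (h), combined with the transfer-encoding handling above, as an added Python example (not phPOP3clean's own PHP code). The function names, the second blacklist range and the sample message are assumptions constructed for illustration; only 221.11.133.66/25 comes from the page.

```python
import base64
import email
import ipaddress
import re

# Constructed blacklist; the first entry is the range quoted in item (h).
# strict=False because that entry has host bits set (it is 221.11.133.0/25).
BLACKLIST = [ipaddress.ip_network(c, strict=False)
             for c in ("221.11.133.66/25", "198.51.100.0/24")]

# Host of any http/https/ftp URL, skipping optional user:pass@ userinfo.
URL_HOST = re.compile(r"(?i)\b(?:https?|ftp)://(?:[^\s/@\"'<>]*@)?([^\s/:\"'<>?#]+)")

def linked_ips(text):
    """Yield IPv4 addresses used as literal hosts in URLs found in text."""
    for host in URL_HOST.findall(text):
        try:
            yield ipaddress.IPv4Address(host)
        except ValueError:
            continue  # a hostname, not an IP literal; not resolved here

def blacklisted_links(raw_message):
    """Return blacklisted IPs linked from any text part of a raw message."""
    hits = set()
    for part in email.message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding
        body = part.get_payload(decode=True).decode("latin-1")
        hits.update(str(ip) for ip in linked_ips(body)
                    if any(ip in net for net in BLACKLIST))
    return sorted(hits)

# Constructed sample: the HTML part is base64, so its links never appear
# in the raw source and are only visible after decoding.
HTML = '<iframe src="http://221.11.133.9/x"></iframe> <a href="http://203.0.113.5/">ok</a>'
SAMPLE = (
    'Content-Type: multipart/alternative; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n"
    "Content-Transfer-Encoding: quoted-printable\n\n"
    "Visit http://user@198.51.100.77:8080/offer=3Fid=3D1 today\n"
    "--b1\nContent-Type: text/html\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(HTML.encode()).decode() + "\n--b1--\n"
)

if __name__ == "__main__":
    print(blacklisted_links(SAMPLE))
```

Scanning only the raw source would miss the iframe link entirely, which is why each part is decoded before the URL match.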

Installation:

Unzip to a password-protected directory on your server. For speed reasons it's advisable to run on the same server as the mailserver, but it works over POP3 so you can run phPOP3clean on any webserver and scan accounts on any other server(s). After you've configured phPOP3clean, schedule it to run as a cron job every few minutes (every minute is ideal, if your server can handle the load). The cron job may look something like this:

lynx -dump -auth=user:pass http://example.com/admin/phPOP3clean.php

where user:pass is the .htaccess username/password required to access that directory. phPOP3clean normally outputs nothing during its run, but if you want to see the status messages you can access

http://example.com/admin/phPOP3clean.php?show=1

in your browser and you can see what phPOP3clean is doing.

There are some values you must modify in phPOP3clean.config.php -- take a look at that file and it should be pretty self-explanatory.

To create the MySQL tables required by phPOP3clean, simply run phPOP3clean.install.php and the tables will be created if required. Any changes to the table structures required by future versions will be handled by this file, so run this again after upgrading to a newer version of phPOP3clean.

A "quarantine" folder PHPOP3CLEAN_QUARANTINE (default is /phpop3clean/ below the installation directory) is used, and within it a new directory is created each month where the deleted emails are stored (gzipped). This allows you to review deleted emails from the admin interface. You will need to manually clean up these directories as the months go by.

What's New in This Release:
Please re-run phPOP3clean.install.php
Default directory structure has changed significantly in this version. phPOP3clean.admin.php is to be placed in a publicly accessible directory (eg webroot) and the rest of the files are in secured (eg .htaccess) subdirectory "phPOP3clean"
Added login system requiring valid login before allowing access to phPOP3clean.admin.php -- set PHPOP3CLEAN_ADMINPASS in phPOP3clean.config.php for full admin access. User-level access is granted with email + POP3password
[#1596198] Config variable to set 'waiting-period'
Added PHPOP3CLEAN_INTERSCAN_WAIT_PERIOD
[#1595680] Whitelist emails can now be partial (eg domain only) to match eg: @example.com
[#1596705] Easy access to whitelist emails from recent list
[#1596704] Add multiple emails to whitelist at once
Much faster at skipping previously-scanned emails
Added PHPOP3CLEAN_CONFIG_VERSION to phpThumb.config.php to check for out-of-date config files
Added PHPOP3CLEAN_HIDE_PASSWORDS to phpThumb.config.php
Auto-ban domains admin now sortable
Bugfix: [#1598359] magic_quotes_gpc now handled properly
Bugfix: [#1595837] "Spam Assassin filter not working" (thanks jrf?users*sourceforge*net)
Bugfix: `lasthit` missing from email whitelist (thanks jrf?users*sourceforge*net)
Bugfix: several HTML issues in admin screens (thanks jrf?users*sourceforge*net)
Bugfix: multipart-inside-multipart messages were not being handled correctly
Bugfix: `phpop3clean_domain_hits` wasn't being pruned correctly
Bugfix: HTML attachments with incorrect MIME types (eg application/octet-stream) were not being parsed for URLs
Bugfix: failed to parse some multipart/alternative sections
Many uninitialized/non-disposed variables fixed (thanks jrf?users*sourceforge*net)
