Inflex - Modifying
---------------------------

The overall procedure of Inflex is as follows :

 . Initialise variables that will be used throughout Inflex
 . Setup directories for email analysis
 . Capture email
 . Log details regarding email
 . Unpack email
 . Scan email for file TYPES
 . Scan email for file NAMES
 . Scan email for VIRUSES
 . If needed, send email report to Administrator, sender and receiver
 . Cleanup

Inflex comes by default with the following blocking/scanning options...


MODIFYING FILE TYPE BLOCKING :

File Types blocked :

	MS-DOS Executables
	PC Bitmap Data [BMP files]
	AVI movies
	MPEG movies
	WAVE type audio files

	Extra file types can be blocked, or existing ones can be removed.

In the /usr/sbin/inflex file, you will see around line 124 the following
entries :

	grep "MS-DOS executable" ${tmpdir}/fileresults >> ${badfileslog}
	grep "PC bitmap data" ${tmpdir}/fileresults >> ${badfileslog}
	grep "AVI" ${tmpdir}/fileresults >> ${badfileslog}
	grep "MPEG" ${tmpdir}/fileresults >> ${badfileslog}
	grep "WAVE" ${tmpdir}/fileresults >> ${badfileslog}

The format of each entry is :

	grep "</etc/magic description>" ${tmpdir}/fileresults >> ${badfileslog}

If you wanted to add a new file-type blocker, say for file types ARB, you would
add the following :

	grep "ARB" ${tmpdir}/fileresults >> ${badfileslog}

NOTE - The expression which is grepped for MUST EXIST in the /etc/magic file.
If it does not, then you will have to update the /etc/magic file, or perhaps
block the file according to its name instead [see next section].
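
Added example (not part of the Inflex script): a check of how a short pattern such as "AVI" behaves against file-type results before you add it. It assumes each line of fileresults has the file(1) form "path: description"; the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed stand-in for ${tmpdir}/fileresults.
# Assumption: every line is "<path>: <description>", as file(1) prints it.
sample_fileresults() {
cat <<'EOF'
/tmp/inflex/1/setup.exe: MS-DOS executable (EXE)
/tmp/inflex/1/DAVID.txt: ASCII text
/tmp/inflex/1/clip.dat: RIFF (little-endian) data, AVI
/tmp/inflex/1/logo.bmp: PC bitmap data, Windows 3.x format
/tmp/inflex/1/notes.txt: ASCII text
EOF
}

# Same style as the stock entries: the pattern may match anywhere on the
# line, so a file NAME containing the pattern is reported as well.
match_whole_line() {	# $1 = pattern
	sample_fileresults | grep -- "$1"
}

# Match the description only: look at the text after the first ": ".
# Limitation: a path that itself contains ": " would be split too early.
match_description() {	# $1 = pattern (plain substring, not a regex)
	sample_fileresults | awk -v pat="$1" '{
		i = index($0, ": ")
		if (i && index(substr($0, i + 2), pat)) print
	}'
}

echo "whole-line match for AVI:"
match_whole_line "AVI"
echo "description-only match for AVI:"
match_description "AVI"
```

With the sample above, the whole-line match also reports DAVID.txt, a plain text file, because its name contains "AVI"; the description-only match reports just clip.dat.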


MODIFYING FILE NAME BLOCKING :

File names blocked :

	links.vbs  	[a virus in disguise]
	*.mp3		[ I couldn't see a /etc/magic entry for mp3's ]
	*.ppt		[ MS Powerpoint files ]

	Extra file names can be blocked, or you might want to remove some.

Near line 136 in the /usr/sbin/inflex file, you will find lines similar to:

	find ${tmpdir} -iname 'links.vbs' >> ${badfileslog}
	find ${tmpdir} -iname '*.mp3' >> ${badfileslog}
	find ${tmpdir} -iname '*.ppt' >> ${badfileslog}

The format of each line is as follows :

	find ${tmpdir} -iname 'name or pattern to search for' >> ${badfileslog}

If you want to add a new file-name filter, say to block all files ending with
.CTP, then you would add the following line to the /usr/sbin/inflex file :

	find ${tmpdir} -iname '*.CTP' >> ${badfileslog}

NOTE - The use of '-iname' in the find command is to force case INsensitive
searching of the file names. If you specifically want to search for a case
sensitive file name [eg .CtP] then use '-name'.




MODIFYING THE SENDER/RECEIVER/ADMINISTRATOR MESSAGES :

If you wish to alter the style of message sent out when an email is blocked
or found to contain a virus, you can modify the FIVE message sections
starting from line 232.  The sequence of messages is as follows :

If virus OR badfile
	Administrator Message Creation
	Administrator Message send
end

If virus
	Build "sender" message
	Send "sender" message

	Build "recipient" message
	Send "recipient" message
end

If badfile
	Build "sender" message
	Send "sender" message

	Build "recipient" message
	Send "recipient" message
end



-END.
