[Exchange2K] event sink gebruiken om spam te verplaatsen

<SCRIPT LANGUAGE="VBSCRIPT">
'------------------------------------------------------------------------------
' NAME:         SpamFilter.vbs
' VERSION:      0.1 - 6/18/03
' DESCRIPTION:  Grabs each message coming into the STMP service and dumps it out
'                   to a file. Then executes a spamassassin bat file on it. Then
'                   scans that file to see if it is spam or not, and 
'                   acts accordingly. ("accordingly" having several meanings,
'                   depending on what you want done to your Spam)
'
' NOTES:        This will be slowish - so if you have a lot of users, this 
'                   probably isn't your best option.
'               This will grab mail coming from outside of your Exchange server.
'               We don't get Spam from inside of our Exchange server - if you do
'                   then you probably have larger issues to deal with than just
'                   this script.
'
' TODO:         Reports/charts, add the local recipient's address and/or name to
'                   the filename so that they are easier to lookup upon complaint
'------------------------------------------------------------------------------

' Declare Windows 2000/2003 SMTP Transport Event Sink constants
Const cdoRunNextSink = 0
Const cdoSkipRemainingSinks = 1
Const cdoStatAbortDelivery = 2
Const cdoStatBadMail = 3

' Set to false if you do not want to keep any messages in the Windows SMTP BADMAIL folder
Const ENABLE_BADMAIL = False
'set this if you want messages to be flagged as spam instead of sent to badmail or killed
Const ENABLE_FLAG_MESSAGE = False

' Declare ADO constants
Const adSaveCreateOverWrite = 2

' paths to folders we will be using
Const TEST_PATH = "d:\spamfiltervbs\test\"
Const SPAM_PATH = "d:\spamfiltervbs\files\spam\"
Const NONSPAM_PATH = "d:\spamfiltervbs\files\goed\"


Sub ISMTPOnArrival_OnArrival(ByVal objMessage, EventStatus)

    'Start up Error Checking (so that we can promptly ignore it)
    On Error Resume Next
    'on error goto :errhandler

    ' Declare variables
    Dim strTestEmail
    Dim objFields              
    Dim objStream           
    Dim iCount 
    Dim listRnd 
    Dim iRnd 
    Dim strRandom
    Dim oShell
    Dim objFileSystem
    Dim strMessage
    Dim ts    
    Dim f
Dim myitem
dim i
  Dim fs
  Set fs = CreateObject("Scripting.FileSystemObject")
  Dim file, file2
thisdate=now()
thisyear = year(thisdate)
thismonth = right("0" & month(thisdate),2)
thisday = right("0" & day(thisdate),2)
mytoday = thisyear & thismonth & thisday
set file2 = fs.opentextfile("d:\spamfiltervbs\error.log", 8 , true)
Set file = fs.OpenTextFile("d:\spamfiltervbs\logs\spamfiltervbs " & mytoday & ".log", 8, True )
total=0
virus=0
spam=0
pass=0
'
if fs.FileExists("d:\spamfiltervbs\counters\" & mytoday & ".txt") then
    Set f3 = fs.opentextfile("d:\spamfiltervbs\counters\" & mytoday & ".txt")
    sendstats=false
    regel = f3.readline
    total=right(regel,len(regel)-instr(regel,"="))
    regel = f3.readline
    virus=right(regel,len(regel)-instr(regel,"="))
    regel = f3.readline
    spam=right(regel,len(regel)-instr(regel,"="))
    regel = f3.readline
    pass=right(regel,len(regel)-instr(regel,"="))
    f3.close
else
    'file does not exist; e-mail old file, if any
    sendstats=true
end if
total=total+1
    file.write date() & "," & time() & ","
    file.write "from: " & objMessage.from & ","

    ' Get fields collection of message
    Set objFields = objMessage.EnvelopeFields   

    ' Process message
    With objMessage

        ' Get message as stream
        Set objStream = .GetStream
'check for german virus

        ' Save message as stream to file 
        objStream.SaveToFile (TEST_PATH & "spamtestin.txt"), adSaveCreateOverWrite
    End With

    'spamtest file now exists, so we should now run spamassassin against it and have it output a file
    Set oShell = CreateObject("WScript.Shell")
'Run clamscan
    oShell.Run "d:\spamfiltervbs\mailscan.bat", 0, True
    Set objFileSystem = CreateObject("Scripting.FileSystemObject")
dim f2, ts2, strmessage2
    'Open the virusscan result file
    Set f2 = objFileSystem.GetFile(TEST_PATH & "scanresult.txt")
    Set ts2 = f2.OpenAsTextStream(1,-2)
    strMessage2 = ts2.ReadAll
    ts2.Close
'Check for the ': OK' entry
if instr(1,strMessage2, ": OK", 1) then

'No virus found
    oShell.Run "d:\spamfiltervbs\exchange_spam_check.bat", 0, True
    'now open up the spamtestout.txt file and see if that is spam (see if it contains "X-Spam-Status: Yes"
    'if it is spam, then copy spamtestin.txt to a randomly named text file in the SPAM_PATH
    'if it is not spam, then copy spamtestin.txt to a randomly named text file in the NONSPAM_PATH
    'then later run bat scripts to learn on those directories, and then del the files in there after learning

    'open up the file
    Set f = objFileSystem.GetFile(TEST_PATH & "spamtestout.txt")
    Set ts = f.OpenAsTextStream(1,-2)
    strMessage = ts.ReadAll
    ts.Close

    pos = instr(strMessage,"score=" )
    pos2 = instr(mid(strmessage,pos+6,25),"required=")
    file.write (mid(strmessage,pos+6,pos2-1)) & ","
'create a random filename
    randomize     
    iCount = 1        
    DO        
        'get random number b/w 48 & 122 (0 - Z)
        iRnd = int(75 * rnd + 48)        
        'limit string to 0-9, a-z, A-Z
        if (iRnd < 57 OR iRnd > 65) AND (iRnd < 90 OR iRnd > 97) then
             listRnd = listRnd & chr(iRnd)
             iCount = iCount + 1
        END IF        
    LOOP UNTIL iCount = 21

    'make it a little more readable
    strRandom = mid(listRnd,1,5) & mid(listRnd,6,5) & mid(listRnd,11,5) & mid(listRnd,16,5)          

    'check to see if it is spam
    If InStr(1, strMessage, "X-Spam-Status: Yes", 1) Then
file.write "SPAM" & vbcrlf
spam=spam+1
        'if in here, then it is Spam
        'write it to the spam dir
        objStream.SaveToFile (SPAM_PATH & strRandom & ".txt"), adSaveCreateOverWrite
    Set file6 = fs.OpenTextFile(SPAM_PATH & "report\" & strRandom & ".out.txt", 8, True )
    file6.write strMessage
    file6.close
        'since it is spam, we now need to flag it, or move it to the badmail, or just let it die
        'if we are going to badmail it, or let it die, then we can set the event status so that it
        'does not run any more Sinks on it
        If ENABLE_FLAG_MESSAGE Then
            'if in here, then we will add a flag to the message subject
            objMessage.Subject = "*****SPAM*****" & objMessage.Subject
            objMessage.DataSource.Save
            'the message is still getting sent to the user, so keep checking sinks
            EventStatus = cdoRunNextSink
        Else
            'if in here, then we are either sending it to badmail, or just letting it die
            If ENABLE_BADMAIL Then
                'if in here, then we will send the message to badmail
                objFields.Item("http://schemas.microsoft.com/cdo/smtpenvelope/messagestatus").Value = cdoStatBadMail
                objFields.Update
            Else
                'if in here, then we will just let the message die
                objFields.Item("http://schemas.microsoft.com/cdo/smtpenvelope/messagestatus").Value = cdoStatAbortDelivery
                objFields.Update
            End If
            'since we are in here, the message isn't going to go to the user anymore, so 
            'we can stop running any more sinks on it
            EventStatus = cdoSkipRemainingSinks
        End If
    Else
file.write "No SPAM" & vbcrlf
pass=pass+1
        'if in here, then it is not Spam (Ham)
        'write it to the non spam dir
        objStream.SaveToFile (NONSPAM_PATH & strRandom & ".txt"), adSaveCreateOverWrite
    Set file6 = fs.OpenTextFile(NONSPAM_PATH & "report\" & strRandom & ".out.txt", 8, True )
    file6.write strMessage
    file6.close

        'since it is not spam, we will just leave it alone from here out and it will get to the sender
        EventStatus = cdoRunNextSink
    End If
else
    'Virus found
        virus=virus+1
        file.write "0,VIRUS" & vbcrlf
                objFields.Item("http://schemas.microsoft.com/cdo/smtpenvelope/messagestatus").Value = cdoStatAbortDelivery
                objFields.Update
end if

    ' Clean up the mess we have made
  file.Close
    Set objStream = Nothing
    Set objFields = Nothing
    Set oShell = Nothing
    Set f = Nothing
    Set ts = Nothing
if sendstats=true then
thisdate=now()-1
thisyear = year(thisdate)
thismonth = right("0" & month(thisdate),2)
thisday = right("0" & day(thisdate),2)
myyesterday = thisyear & thismonth & thisday
total=0
virus=0
spam=0
pass=0
    Set objMessage = CreateObject("CDO.Message") 
    objMessage.Subject = "SPAM filter statistics " & myyesterday
    objMessage.Sender = """Spamfilter DC1"" <spamfilter@domein.nl>" 
    objMessage.To = "steven@domein.nl" 
    Set f5 = objFileSystem.GetFile("d:\spamfiltervbs\counters\" & myyesterday & ".txt")
    Set ts2 = f5.OpenAsTextStream(1,-2)
    objMessage.TextBody = ts2.ReadAll   
    ts2.Close
    objMessage.Send
end if
Set file4 = fs.OpenTextFile("d:\spamfiltervbs\counters\"  & mytoday & ".txt", 2, True )
file4.write "total=" & total & vbcrlf
file4.write "virus=" & virus & vbcrlf
file4.write "spam=" & spam & vbcrlf
file4.write "pass=" & pass & vbcrlf
file4.close
    set fs = nothing
    Set objFileSystem = Nothing
file2.close
End Sub
</SCRIPT>

Spam = InStr(Msg.Subject, "X-Spam-Level: ****")