Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 18 subscribers
  • Views 8328 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HOWTO submit virus sample via CLI script

gygy

The easiest way I found was to use mutt to send the files directly to mx1.sophos.com.

Step 1: create a muttrc file with only two lines:

 set from = 'XXXXX@XYXYXY.me'
 set smtp_url = 'smtp://mx1.sophos.com:25'

Step 2: use this mutrc file to send virus sample:

 mutt -F sophos-mutrc samples@sophos.com -s "Virus sample I found" -a firus_file.zip

:57313


This thread was automatically locked due to age.
  • 0

    Hello gygy,

    The easiest way

    but not the best one. What's wrong with using the online submission form? Sure, Submitting samples of suspicious files to Sophos lists email (BTW: hard coded MX hosts are not best practice) as alternate method of submission. The article clearly states (*) that you should construct the message in a specific way. Even if you leave out the requested details the attached archive should be password protected archive (do not assume that the MX will waive it through if it isn't) and therefore the password must be included in the message.

    Christian

    (*) When an Englishman says if possible you should construe it as by all means

    :57323
  • 0

    I agree that having an hard-coded mail server is not the best thing.

    Submitting samples via the online form is very, very difficult to do if the linux computer doesn't have an X server on it. I tried scripting this via CURL but the javascript was to much for me.

    A small script from Sophos wil be nice, especially since such a script could send other usefull information, like the serial number, linux version, sophos-av version, database version etc.

    Clamav already has clamsubmit and is opensource.

    :57335
Unfiltered HTML