#!/usr/bin/perl 

# Released to the public domain 2001 by Sam Trenholme

# This is a mil filter that kills emails that look like the sircam virus
# It sends a "you have SirCam reply to the offending sender"
# rcpt is the email address of the email you want all non-SirCam mail to
# go to.  It is usually the first argument this script receives.

$rcpt = shift || "nobody\@localhost";

$bozo = 0;
$reason="simcam virus";

# We scan up until the 30th line in the message body
while($bodyline < 30)
  {
  $line = <STDIN>;
  $header .= $line;

  # Check for certain key sircam signatures
  if($line =~ /I send you this file in order to have your advice/i ||
     $line =~ /I hope you can help me with this file that I send/i ||
     $line =~ /I hope you like the file that I sendo you/i ||
     $line =~ /This is the file with the information that you ask for/i ||
     $line =~ /Te mando este archivo para que me des tu punto de vista/i ||
     $line =~ /Espero me puedas ayudar con el archivo que te mando/i ||
     $line =~ /Espero te guste este archivo que te mando/i ||
     $line =~ /Este es el archivo con la informacin que me pediste/i) 
    {
    $bozo = 1;
    }

  # Find out who sent the message
  if($line =~ /^from: (.*)/i && !$fromname)
    {
    $fromname = $1;
    @addrs = split(/[ \t\n\<\>]/,$1);
    while(@addrs)
      {
      $word = shift @addrs;
      if($word =~ /\@/)
        {
        $fname = $word;
        break;
        }
      }
    }
  if($body > 0)
    {
    $bodyline++;
    }
  if($line =~ /^\s*$/)
    {
    $body = 1;
    }
  }

$dest = "|/usr/sbin/sendmail $rcpt";

if($bozo) 
  {
  $dest = "|/usr/sbin/sendmail $fname";
  }

#print @thought_police;

open(MAILBOX,$dest) || die "Why cant I open $dest\n";

# Qmail fix
$now = localtime(time);
print MAILBOX "From $fromname $now\n";
#print MAILBOX "X-Fname: \"$fname\"\n"; # DEBUG

if($bozo) {
  print MAILBOX "From: nobody\@example.com\n";
  print MAILBOX "To: $fname\n";
  print MAILBOX "Subject: It looks like you are infected with SIRCAM\n\n";
  print MAILBOX "It looks like you have been infected with the sircam virus.";
  print MAILBOX "\nBecause of this, we have not delivered what appears to be";
  print MAILBOX "\na sircam message.\n\nUndelivered mail follows:\n";
  }

$virusflag = 0;
print MAILBOX $header;
# We don't print out the long sircam body
close MAILBOX;


