1 Topic by bestkevin (edited by bestkevin 2022-02-17 18:06:21)

  • bestkevin
  • Member
  • Offline
  • Registered: 2022-02-17
  • Posts: 3

Topic: URL rewriter for virus/phishing scan

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.1 MARIADB edition (iRedAdmin-Pro 5.0 (MySQL))
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Debian 9.13
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello, is there a way to rewrite url's in email, to get them scanned for virus or phishing ?
What I mean is:
incoming email: "hey, click hxxt://blablabla.com to claim your amazon delivery"
become: "hey, click hxxp://urlchecksite.com?url=blablabla.com to claim your amazon delivery"

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 908

Re: URL rewriter for virus/phishing scan

you need a filelistener and modify the mail after it was created, since it is stored as plain textfile.


for example:

inotify


#!/bin/bash
while true; do

inotifywait -e create -r /var/mail/vmail1 && \
bash /path/to/script.sh

done



then ge the full patch to the file, parse it to the script, and do a regex search for URL and rewrite it to your needs